Close
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity
    • Development
    • IT Management
    • Servers

    OpenAjax Alliance Delivers Secure Mashup Software

    By
    Darryl K. Taft
    -
    August 31, 2009
    Share
    Facebook
    Twitter
    Linkedin

      The OpenAjax Alliance, a group of companies, open-source projects and organizations dedicated to delivering interoperable AJAX technologies, announced on July 27 the “approval and availability of OpenAjax Hub 2.0 as an industry standard for more secure Web 2.0 mashup applications,” the Alliance said in a news release.

      The OpenAjax Alliance developed OpenAjax Hub 2.0 over the past two years. “AJAX is Web development technology based on HTML and JavaScript that runs mashups, widgets and gadgets. Mashups allow business users to drag and drop ‘mashed up’ components to create customized Web applications in minutes,” the organization said in the release. It continued:

      “The major addition to Hub 2.0 is a JavaScript Library for Secure Enterprise Mashups created to better protect widgets and mashups from hackers and malicious intent. It addresses concerns among IT managers that may have inhibited adoption of mashup software within companies.”OpenAjax Hub 2.0 is a major step forward for the OpenAjax Alliance towards its mission of promoting Ajax interoperability,” says David Boloker, OpenAjax Alliance Steering Committee chairman and chief technology officer for Emerging Internet Technology [at] IBM. “In order to realize the potential for mashups across the industry, there [need] to be standards. Hub 2.0 defines a key industry standard for how widgets can be isolated into secure containers and then how widgets can talk to each other through a mediated messaging bus.”“

      Bertrand Le Roy, senior program manager at Microsoft, was quoted as saying, “The OpenAjax Hub 2.0 is a unique opportunity for the industry to provide a trusted solution to the very real problem of secure mashups, bridging applications as well as libraries such as the Microsoft Ajax Library or jQuery without a constraint on their design.”

      To read more about the OpenAjax Alliance, click here.

      The Hub 2.0 technology “isolates third-party widgets into secure sandboxes and mediates messaging among the widgets with a security manager. For example, suppose a Website includes a third-party calendar widget. That widget itself might be malicious or might become malicious if its code has vulnerabilities that allow a site to hijack the widget. Malicious widgets could transmit hijacked data to a scamming Website or piggyback user credentials to read and write from company servers,” the OpenAjax Alliance said in its statement.

      However, it said, “Hub 2.0 prevents attacks by isolating untrusted widgets from the main application and other widgets, and by preventing access to user credentials. It protects against widget hijacking due to its features around careful widget loading and unloading and message integrity.” According to the statement:

      ““OpenAjax Hub 2.0 is a significant technology advancement for enterprise mashups,” said Mikael Orn, director of development for IBM Mashup Center. “Hub 2.0 allows companies to realize both mashup security and flexibility. With OpenAjax Hub 2.0, users or administrators can isolate untrusted third-party widgets into secure sandboxes, preventing information stealing and other malicious acts. The net result is that mashup users can combine company-internal widgets with third-party widgets without compromising security.”“

      “JackBe is excited to see the OpenAjax Hub 2.0 mature into a robust specification and standard that provides an additional approach to [addressing’ the security challenges of mashups in the browser,” said Deepak Alur, vice president of engineering and product management at JackBe. “At JackBe we are incorporating this technology into Presto, JackBe’s enterprise mashup platform, to enhance our offering and provide even greater security support for our enterprise customers.”

      Steve Repetti, CEO and CTO at RadWeb Technologies, said, “The new OpenAjax Hub 2.0 provides a comprehensive enterprise-grade solution for secure widget interoperability. OpenAjax Hub 2.0 is the glue that binds distributed objects and applications together in a trusted environment.”

      And Howard Weingram, principal architect at TIBCO Software, called OpenAjax Hub 2.0 a “very important advance for the industry.” He added, “For the first time implementers can securely combine standardized widgets and components from different sources, including those with very different trust profiles. TIBCO is shipping Hub 2.0-enabled products today and sees the Hub as a strategic technology.”

      According to the statement:

      “OpenAjax Hub 2.0 was validated in late 2008 during a multi-vendor interoperability event, and then revised in early 2009 to allow straightforward integration with other industry mashup technologies, particularly OpenSocial technologies. It has now been finalized and approved for release.“

      The OpenAjax Alliance also said:

      “The announcement is part of a broader set of initiatives at OpenAjax Alliance to accelerate customer success using Ajax. In addition to OpenAjax Hub, the alliance is working on a companion mashup initiative, OpenAjax Widgets, which defines an Ajax interoperability standard for Ajax widgets, and is scheduled for approval in the coming months.“

      Darryl K. Taft
      Darryl K. Taft covers the development tools and developer-related issues beat from his office in Baltimore. He has more than 10 years of experience in the business and is always looking for the next scoop. Taft is a member of the Association for Computing Machinery (ACM) and was named 'one of the most active middleware reporters in the world' by The Middleware Co. He also has his own card in the 'Who's Who in Enterprise Java' deck.

      MOST POPULAR ARTICLES

      Big Data and Analytics

      Alteryx’s Suresh Vittal on the Democratization of...

      James Maguire - May 31, 2022 0
      I spoke with Suresh Vittal, Chief Product Officer at Alteryx, about the industry mega-shift toward making data analytics tools accessible to a company’s complete...
      Read more
      Cybersecurity

      Visa’s Michael Jabbara on Cybersecurity and Digital...

      James Maguire - May 17, 2022 0
      I spoke with Michael Jabbara, VP and Global Head of Fraud Services at Visa, about the cybersecurity technology used to ensure the safe transfer...
      Read more
      Cloud

      IGEL CEO Jed Ayres on Edge and...

      James Maguire - June 14, 2022 0
      I spoke with Jed Ayres, CEO of IGEL, about the endpoint sector, and an open source OS for the cloud; we also spoke about...
      Read more
      Applications

      Cisco’s Thimaya Subaiya on Customer Experience in...

      James Maguire - May 10, 2022 0
      I spoke with Thimaya Subaiya, SVP and GM of Global Customer Experience at Cisco, about the factors that create good customer experience – and...
      Read more
      Big Data and Analytics

      GoodData CEO Roman Stanek on Business Intelligence...

      James Maguire - May 4, 2022 0
      I spoke with Roman Stanek, CEO of GoodData, about business intelligence, data as a service, and the frustration that many executives have with data...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×