
OpenAjax Hub better secures mashups




August 31, 2009 — The OpenAjax Alliance, an industry consortium focused on adoption of AJAX-based Web technologies, has implemented new security features into its defined set of JavaScript functionalities.

OpenAjax Hub 2.0, released today, brings a JavaScript library for Secure Enterprise Mashups that organization executives said can better protect widgets and mashups from hackers. The library isolates third-party widgets into secure sandboxes and manages messaging among the widgets with a security manager.

For example, if a website includes a third-party calendar widget, the widget itself might become malicious if its code has vulnerabilities. Hub 2.0 can prevent attacks by isolating non-trusted widgets from an application and by preventing access to user credentials.

“We looked at how to take enterprise data and create a mashup from it with data that could be coming from different domains outside of my secure area,” said David Boloker, OpenAjax Alliance steering committee chairman and CTO of emerging Internet technologies for IBM.

“That’s why we implemented sandboxing, where my widget can’t talk to any other widget unless I enable it. I might be able to get, for example, the data of all the accounts on my page, but no other widget, malicious or not, can get that same data unless I decide to enable them.”

Hub 2.0 also introduces a feature called Managed Hub, which allows the creation of both developer-built mashups and end-user-built mashups. Hub 1.0 only allowed for mashups built by developers. The Managed Hub ensures security by preventing sandboxed components from accessing the JavaScript of the host application or other components.
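The default-deny mediation described above can be sketched as follows. This is an added example, not code from the article or from the OpenAjax Hub implementation: `MediatedHub`, `allow` and `connect` are hypothetical names, the widgets and data are constructed, and the sketch models only the host's messaging policy, not the sandbox isolation itself.

```javascript
// Conceptual model only: MediatedHub, allow and connect are hypothetical names,
// not the OpenAjax Hub 2.0 API. Sample widgets and data are constructed.
class MediatedHub {
  constructor() {
    this.grants = new Map(); // "widget|action" -> allowed topic patterns
    this.subs = [];          // { widget, topic, handler }
    this.denied = [];        // audit trail of refused operations
  }
  // The host application is the only party that calls allow().
  allow(widget, action, pattern) {
    const key = `${widget}|${action}`;
    this.grants.set(key, [...(this.grants.get(key) || []), pattern]);
  }
  permitted(widget, action, topic) {
    const ok = (this.grants.get(`${widget}|${action}`) || []).some((p) =>
      p.endsWith(".*") ? topic.startsWith(p.slice(0, -1)) : p === topic);
    if (!ok) this.denied.push(`${widget} ${action} ${topic}`);
    return ok;
  }
  // A widget receives only this frozen handle, never the hub or its peers.
  connect(widget) {
    const hub = this;
    return Object.freeze({
      subscribe(topic, handler) {
        if (!hub.permitted(widget, "subscribe", topic)) return false;
        hub.subs.push({ widget, topic, handler });
        return true;
      },
      publish(topic, data) {
        if (!hub.permitted(widget, "publish", topic)) return 0;
        const targets = hub.subs.filter((s) => s.topic === topic);
        // Deliver a copy so widgets never share object references.
        targets.forEach((s) => s.handler(JSON.parse(JSON.stringify(data))));
        return targets.length;
      },
    });
  }
}

function demo() {
  const hub = new MediatedHub();
  hub.allow("accounts", "publish", "accounts.*");
  hub.allow("dashboard", "subscribe", "accounts.balance");
  const seen = [];
  const okSub = hub.connect("dashboard").subscribe("accounts.balance", (d) => seen.push(d));
  const badSub = hub.connect("calendar").subscribe("accounts.balance", (d) => seen.push(d));
  const delivered = hub.connect("accounts").publish("accounts.balance", { balance: 250 });
  const forged = hub.connect("calendar").publish("accounts.balance", { balance: 0 });
  return { seen, okSub, badSub, delivered, forged, denied: hub.denied };
}
```

The ungranted calendar widget can neither read the account data nor publish on the account topic, and both refusals land in the `denied` audit list for the host to inspect.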

Hub 2.0 is available as both a specification and an open-source implementation. The Hub 2.0 specification was recently approved by OpenAjax Alliance members as an AJAX industry standard. The specification defines standardized JavaScript APIs for secure mashups to foster interoperability among mashups and mashup components. The open-source implementation is written in JavaScript and is compatible with all desktop browsers, according to Boloker.

Other members of the OpenAjax Alliance include JackBe, Microsoft, RadWeb Technologies, Software AG and TIBCO.

“OpenAjax Hub 2.0 is a very important advance for the industry,” said Howard Weingram, principal architect for TIBCO Software. “For the first time, implementers can securely combine standardized widgets and components from different sources, including those with very different trust profiles.”

When asked how AJAX fits into the rich Internet application landscape with Adobe and Microsoft consistently updating Flash and Silverlight, respectively, Boloker said the OpenAjax Alliance is solely focused on openness and interoperability of AJAX applications.

“We really don’t per se worry about how Silverlight 3.0 is going to interoperate with JavaScript. That’s more of Microsoft’s problem,” he said. “It just so happens that both Adobe and Microsoft pretty much ensured that standard JavaScript will interface with Flash and Silverlight. But the OpenAjax Alliance is all about the open Web, making sure that all the widgets will work, and that if someone wants to create a Web page that has disparate widgets, we can make them communicate securely.”
