IBM is unveiling technology to secure mashups Thursday and is donating it to the OpenAjax Alliance, an organization promoting AJAX (Asynchronous JavaScript and XML) interoperability.

Through IBM's SMash (secure mashup) technology, information from different sources can communicate with each other, but the sources are kept separate to prevent the spread of malicious code. SMash keeps code and data from each of the sources separated while allowing controlled sharing of data through a secure communication channel.

Mashups are defined by IBM as Web applications that pull information from multiple sources such as Web sites, enterprise databases, and e-mail to present a single view. But mashups have been beset by security risks, IBM said.

"What we were striving for was to have [mashups] interact with other information on a page in a secure manner," said David Boloker, CTO of emerging Internet technologies in the IBM software group.

SMash prevents information from one domain trying to access information on the page, Boloker said. But developers can allow access if they choose.

"[It] allows you to communicate with other parts of your Web page in a secure manner," he said.

"You're preventing JavaScript coming from another site taking over control of the Web page and not only taking control of the Web page, they could be trying to deliver erroneous information, could be trying to erase files on your hard drive, anything like that," said Boloker.

The technology is being donated to the OpenAjax Alliance and is to become part of OpenAjax Hub 1.1, which goes to general release in June, Boloker said. Once available, SMash can be used in Web pages in mashups.

"I think SMash could potentially address a need in the AJAX market – namely enabling safer client-side cross-domain access to multiple sites," said analyst Jeffrey Hammond, senior analyst for application development at Forrester Research. "This client-side cross-domain access pattern is becoming increasingly popular when developers want to mix in technology from multiple sites, but don’t feel comfortable importing that code into their server domains."

Building on top of OpenAjax Hub is a strength of SMash, Hammond said.