IBM is unveiling technology to secure mashups Thursday and is donating it to the OpenAjax Alliance, an organization promoting AJAX (Asynchronous JavaScript and XML) interoperability.
Through IBM's SMash (secure mashup) technology, information from different sources can communicate with each other, but the sources are kept separate to prevent the spread of malicious code. SMash keeps code and data from each of the sources separated while allowing controlled sharing of data through a secure communication channel.
Mashups are defined by IBM as Web applications that pull information from multiple sources such as Web sites, enterprise databases, and e-mail to present a single view. But mashups have been beset by security risks, IBM said.
"What we were striving for was to have [mashups] interact with other information on a page in a secure manner," said David Boloker, CTO of emerging Internet technologies in the IBM software group.
SMash prevents information from one domain trying to access information on the page, Boloker said. But developers can allow access if they choose.
"[It] allows you to communicate with other parts of your Web page in a secure manner," he said.
"You're preventing JavaScript coming from another site taking over control of the Web page and not only taking control of the Web page, they could be trying to deliver erroneous information, could be trying to erase files on your hard drive, anything like that," said Boloker.
The technology is being donated to the OpenAjax Alliance and is to become part of OpenAjax Hub 1.1, which goes to general release in June, Boloker said. Once available, SMash can be used in Web pages in mashups.
"I think SMash could potentially address a need in the AJAX market – namely enabling safer client-side cross-domain access to multiple sites," said analyst Jeffrey Hammond, senior analyst for application development at Forrester Research. "This client-side cross-domain access pattern is becoming increasingly popular when developers want to mix in technology from multiple sites, but don’t feel comfortable importing that code into their server domains."
Building on top of OpenAjax Hub is a strength of SMash, Hammond said.
This whitepaper explains the terminology and concepts behind Data Replication technologies and establishes some sizing rules through worked examples. Learn the new paradigm in disaster tolerance—protect data anywhere.
Download now »
Server virtualization is a popular option for dealing with mounting datacenter costs. Another equally promising approach is the use of an Application Delivery Controller. Citrix NetScaler provides a low-cost way for organizations to reduce their server count and accrue cost savings from a reduction in space, cooling, power and personnel.
Download now »
The emergence of WLANs has created a new breed of security threats to enterprise networks.
Included in HP ProCurve WLAN solutions is security technology that alleviates threats from WLANs through:
* Monitoring wireless activity inside and out of the enterprise
* Classifying WLAN transmissions into harmful and harmless
* Preventing transmissions that pose a security threat to the enterprise network
* Locating participating devices for physical remediation
Effectively address data protection challenges, implementing solutions that help store and protect business–critical data while cutting costs and improving efficiency and reliability.
Download now »
Sign up to receive InfoWorld Resource Alerts
Recommend This
