Through IBM's SMash (secure mashup) technology, information from different sources can communicate with each other, but the sources are kept separate to prevent the spread of malicious code. SMash keeps code and data from each of the sources separated while allowing controlled sharing of data through a secure communication channel.
Mashups are defined by IBM as Web applications that pull information from multiple sources such as Web sites, enterprise databases, and e-mail to present a single view. But mashups have been beset by security risks, IBM said.
"What we were striving for was to have [mashups] interact with other information on a page in a secure manner," said David Boloker, CTO of emerging Internet technologies in the IBM software group.
SMash prevents information from one domain trying to access information on the page, Boloker said. But developers can allow access if they choose.
"[It] allows you to communicate with other parts of your Web page in a secure manner," he said.
The technology is being donated to the OpenAjax Alliance and is to become part of OpenAjax Hub 1.1, which goes to general release in June, Boloker said. Once available, SMash can be used in Web pages in mashups.
"I think SMash could potentially address a need in the AJAX market – namely enabling safer client-side cross-domain access to multiple sites," said analyst Jeffrey Hammond, senior analyst for application development at Forrester Research. "This client-side cross-domain access pattern is becoming increasingly popular when developers want to mix in technology from multiple sites, but don’t feel comfortable importing that code into their server domains."
Building on top of OpenAjax Hub is a strength of SMash, Hammond said.