News

New Specs on Tap for AJAX Development

The OpenAjax Alliance unveils two key standards initiatives: a new metadata specification and a new version of its mashup runtime.

• By John K. Waters
• 11/15/2008

Last month, a consortium of vendors focused on AJAX interoperability unveiled two key standards initiatives: a new metadata specification and a new version of the consortium's mashup runtime.

The move, by the OpenAjax Alliance, is aimed at making it easier-and safer-to build applications using AJAX, a popular Web-development technique deployed to improve the responsiveness of Web pages by automating the exchange of information between browsers and servers. The consortium announced the initiatives at the AJAXWorld RIA Conference & Expo in San Jose, Calif. Given that more than 111 vendors are members of OpenAjax-including IBM Corp., Google Inc., Oracle Corp., Microsoft and the Eclipse Foundation-observers noted that these specs promise to play a key role in future AJAX development.

Standardized JavaScript API
"There are 10 to 20 AJAX IDEs on the market today, and a couple hundred AJAX toolkits [libraries]," says David Boloker, IBM's CTO of emerging Internet technology.

"Different AJAX toolkits-such as Dojo, JQuery and Prototype-each document their APIs in a different manner," Boloker continues. "So you have this problem of trying to get the IDEs to do a good job of supporting the toolkits."

To "do a good job" with AJAX toolkits, the leading IDEs-such as Eclipse, NetBeans, Dreamweaver and Visual Studio-have had to do "one-off development work," Boloker says. It has been a largely library-by-library, manual process for the tools vendors. Adobe Systems Inc., for example, has supported its own Adobe Spry toolkit in Dreamweaver. Visual Studio has supported Microsoft's Atlas Framework. "You've got hundreds of toolkits and tens of IDEs, and there's very little coverage," he adds.

A Solution?
Boloker explains that the newly launched OpenAjax Metadata Integration initiative aims to solve this problem by providing a standard way of representing JavaScript APIs and any widgets included in an AJAX toolkit. With that standard in place, the IDEs need to support only the OpenAjax format to support the toolkits. The standard will make it possible for the dev tools to work with any library, the Alliance asserts, and provide intelligent code assist, interactive help and drag-and-drop visual editing using AJAX widgets.

Adobe was among the companies on board with the new standard at the show. Its Dreamweaver Creative Suite 4 uses the OpenAjax widget format as its native format, allowing it to interoperate with different widgets from other AJAX libraries. Also, the Eclipse Foundation has implemented the JavaScript API as part of the metadata format in its JavaScript Development Tool project. Aptana Inc., a San Mateo, Calif.-based development tools maker, actually provided a set of standards that served as a starting point for the work in OpenAjax on this initiative, Boloker says.

Securing AJAX
The OpenAjax Alliance also addresses mashup security with the latest version of its OpenAjax Hub technology. The Hub has been a cornerstone project since the Alliance was founded in 2006. Version 1.0 was released in 2007. The Alliance bills it as "an industry-standard, secure mashup runtime" designed to isolate third-party widgets in secure sandboxes and mediate messaging among those widgets with a security manager, says Jon Ferraiolo, director of the OpenAjax Alliance.

"Mashups can represent a real security risk, because they utilize potentially malicious third-party components," Ferraiolo explains. "We're trying to provide a secure environment for enterprise mashups-for any kind of mashups-but particularly those developed in an enterprise."

Two New AJAX Standards 1. OpenAjax Metadata Integration: A common method of representing JavaScript APIs and widgets included in an AJAX toolkit. 2. OpenAjax Hub 1.1: Aimed at providing mashup security by isolating third-party widgets in security sandboxes in the browser and mediating the messaging among the widgets with a security manager.

Version 1.1 of the Hub, unveiled at the conference, is designed to isolate third-party widgets in security sandboxes in the browser and mediate the messaging among the widgets with a security manager. Ferraiolo says the new version of the Hub will be delivered as both an open specification and a commercial-grade, open source reference implementation.

Included within the OpenAjax Metadata standard is the Widget Interoperability Standard, which makes it possible to define "mashable widgets." These are widgets that can identify the properties they share with other widgets and identify the messages they can publish and receive from other widgets, Ferraiolo says.

This is a model that IBM has and is already employing with its own QEDwiki drag-and-drop mashup tool, launched in late 2006.

Systems like the Hub are going to be necessary for enterprises to feel secure enough to take advantage of the speed and flexibility offered by the mashup model, says Gartner Inc. analyst David Cearley. "Enterprises are showing a lot of interest in the capability, but there are still significant security, privacy, scalability and quality-of-service concerns that are limiting the scope of mashups that people are willing to do today," he says.