News

New Specs On Tap For Ajax Development

• By John K. Waters
• 10/27/2008

The move, by the OpenAjax Alliance, is aimed at making it easier -- and safer -- to build applications using AJAX, a popular Web development technique deployed to improve the responsiveness of Web pages by automating the exchange of information between browsers and servers. The consortium announced the initiatives at the AJAXWorld RIA Conference & Expo in San Jose, Calif. Given that more than 111 vendors are members of OpenAjax including IBM, Google, Microsoft, Oracle and the Eclipse Foundation, these specs promise to play a key role in future AJAX development, observers noted.

"There are 10 to 20 AJAX IDEs on the market today, and a couple hundred AJAX toolkits (libraries)," said David Boloker, IBM's CTO of Emerging Internet Technology. "Different AJAX toolkits -- such as Dojo, JQuery and Prototype -- each documents their APIs in a different manner. So you have this problem of trying to get the IDEs to do a good job of supporting the toolkits."

To "do good things" with AJAX toolkits, the leading IDEs, such as Eclipse, NetBeans, Dreamweaver and Visual Studio, have had to do "one-off development work," Boloker said; it has been a largely library-by-library, manual process for the tool vendors. Adobe Systems, for example, has supported its own Adobe Spry toolkit in Dreamweaver. Visual Studio has supported Microsoft's Atlas Framework (ASP.NET AJAX). "You've got hundreds of toolkits and tens of IDEs, and there's very little coverage," he said.

The newly launched OpenAjax Metadata Integration initiative aims to solve this problem, Boloker said, by providing a standard way of representing JavaScript APIs and any widgets included in an AJAX toolkit. With that standard in place, the IDEs need to support only the OpenAjax format to support the toolkits. The standard will make it possible for the dev tools to work with any library, the Alliance asserted, and provide intelligent code assist, interactive help and drag-and-drop visual editing using AJAX widgets.

Adobe was among the companies onboard at the show with the new standard. Its Dreamweaver Creative Suite 4 is using the OpenAjax widget format as its native widget format, allowing it to interoperate with different widgets from other AJAX libraries. Also, the Eclipse Foundation has implemented the JavaScript API as part of the metadata format in its JavaScript Development Tool (JSDT) project. Aptana, a San Mateo, Calif.-based development tools maker, actually provided a set of standards that served as a starting point for the work in OpenAjax on this initiative, Boloker said.

Securing AJAX
The OpenAjax Alliance also addressed mashup security with the latest version of its OpenAjax Hub technology. The Hub has been a cornerstone project since the Alliance was founded in 2006. Version 1.0 was released in 2007. The Alliance billed it as "an industry-standard, secure mashup runtime" designed to isolate third-party widgets in secure sandboxes and mediate messaging among those widgets with a security manager, explained Jon Ferraiolo, director of the OpenAjax Alliance.

"Mashups can represent a real security risk, because they utilize potentially malicious third-party components," Ferraiolo said. "We're trying to provide a secure environment for enterprise mashups -- for any kind of mashups -- but particularly those developed in an enterprise."

Version 1.1 of the Hub, unveiled at the conference, is designed to isolate third-party widgets in security sandboxes in the browsers and mediate the messaging among the widgets with a security manager. Ferraiolo said the new version of the Hub will be delivered as both an open specification and a commercial-grade, open source reference implementation.

Included within the OpenAjax Metadata standard is the Widget Interoperability Standard, which makes it possible to define "mashable widgets." These are widgets that can identify the properties they share with other widgets and the messages they can publish and receive from other widgets, Ferraiolo said.

This is a model that IBM has is already employing with its own QEDwiki drag-and-drop mashup tool, launched in late 2006.

Systems like the Hub are going to be necessary for enterprises to feel secure enough to take advantage of the speed and flexibility offered by the mashup model, said Gartner analyst David Cearley. "Enterprises are showing a lot of interest in the capability, but there are still significant security, privacy, scalability and quality-of-service concerns that are limiting the scope of mashups that people are willing to do today," he said.