Skip to main content

Add as a preferred source on Google


News

IBM Unveils 'Secure Mashups'

IBM today described a new "secure mashup" technology for the enterprise that is designed to make it easier for nontechnical users to create Web applications from multiple sources. Code-named "SMash," it's designed to create situational applications using "Web sites, enterprise databases or e-mails," according to IBM's announcement.

In addition, IBM plans to contribute the SMash technology to the OpenAjax Alliance, a coalition of vendors and open source organizations that focus on AJAX interoperability issues to enable dynamic Web applications. IBM itself is a founding member of the alliance, along with 14 other companies, such as BEA, the Eclipse Foundation and Novell, among others.

IBM also plans to integrate its SMash technology into a commercial version called IBM Lotus Mashups. The Lotus Mashups product is expected to appear this summer.

IBM identifies a key security issue with mashups as "keeping code and data from each of the sources separated." The company suggests that the sharing of the data should be controlled using a "secure communication channel," according to the announcement.

Mashups are sometimes linked with Web 2.0 collaboration tools, although technically Mashups are any association of applications, data and even Web services combined in a single user interface, typically a Web-based application or rich Internet application. Web 2.0 technologies are often associated with enhancing communication and collaboration. One such tool, instant messaging, gained entrance into the enterprise as a tool that first saw use by the general public. Other such Web 2.0 tools include wikis, blogs and RSS feeds.

However, security for such Web 2.0 tools has gotten a bad rap. A KPMG survey of 472 executives found that half of them viewed security problems as a limiting factor in the uptake of Web 2.0-type tools in the enterprise.

In general, Web applications currently represent the largest security hole, according to a report by security firm Cenzic. A SANS Institute report described the problem as follows: "Web 2.0 applications are vulnerable because user-supplied data cannot be trusted; your script running in the users' browser still constitutes 'user supplied data.'

The SANS Institute report predicts that Web 2.0 attacks "will grow substantially" in 2008.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.

comments powered by Disqus

Featured

  • Kubernetes for Developers

    Microsoft's Dan Wahlin previews his introductory "Kubernetes for Developers" session at Visual Studio Live! San Diego 2026, explaining how developers can get past the Kubernetes learning curve by starting locally, mastering Pods first, and using Services to make containerized applications reliably accessible.

  • VS Code Keeps Eye on Costs in v1.126 Update

    Visual Studio Code 1.126 adds session-level Copilot cost information, continuing Microsoft's recent focus on helping developers monitor and manage usage-based GitHub Copilot billing.

  • Open VSX 1.0.0 Puts Focus on Open Extension Registry for VS Code Ecosystem

    Eclipse Open VSX has reached 1.0.0, highlighting its role as a vendor-neutral registry for VS Code-compatible extensions.

  • Infragistics Puts MCP Toolchain at Center of Ultimate 26.1

    Infragistics Ultimate 26.1 introduces the Ignite UI Enterprise MCP toolchain for AI-assisted app development across Angular, React, Web Components and Blazor.

Most   Popular

Subscribe on YouTube