New Specs On Tap For Ajax Development
A consortium of vendors focused on AJAX interoperability last week unveiled two key standards initiatives: a new metadata specification and a new version of its mashup runtime.
The move, by the OpenAjax Alliance, is aimed at making it easier -- and safer -- to build applications using AJAX, a popular Web development technique deployed to improve the responsiveness of Web pages by automating the exchange of information between browsers and servers. The consortium announced the initiatives at the AJAXWorld RIA Conference & Expo in San Jose, Calif. Given that more than 111 vendors are members of OpenAjax including IBM, Google, Microsoft, Oracle and the Eclipse Foundation, these specs promise to play a key role in future AJAX development, observers noted.
"There are 10 to 20 AJAX IDEs on the market today, and a couple hundred AJAX toolkits (libraries)," said David Boloker, IBM's CTO of Emerging Internet Technology. "Different AJAX toolkits -- such as Dojo, JQuery and Prototype -- each documents their APIs in a different manner. So you have this problem of trying to get the IDEs to do a good job of supporting the toolkits."
To "do good things" with AJAX toolkits, the leading IDEs, such as Eclipse, NetBeans, Dreamweaver and Visual Studio, have had to do "one-off development work," Boloker said; it has been a largely library-by-library, manual process for the tool vendors. Adobe Systems, for example, has supported its own Adobe Spry toolkit in Dreamweaver. Visual Studio has supported Microsoft's Atlas Framework (ASP.NET AJAX). "You've got hundreds of toolkits and tens of IDEs, and there's very little coverage," he said.
The OpenAjax Alliance also addressed mashup security with the latest version of its OpenAjax Hub technology. The Hub has been a cornerstone project since the Alliance was founded in 2006. Version 1.0 was released in 2007. The Alliance billed it as "an industry-standard, secure mashup runtime" designed to isolate third-party widgets in secure sandboxes and mediate messaging among those widgets with a security manager, explained Jon Ferraiolo, director of the OpenAjax Alliance.
"Mashups can represent a real security risk, because they utilize potentially malicious third-party components," Ferraiolo said. "We're trying to provide a secure environment for enterprise mashups -- for any kind of mashups -- but particularly those developed in an enterprise."
Version 1.1 of the Hub, unveiled at the conference, is designed to isolate third-party widgets in security sandboxes in the browsers and mediate the messaging among the widgets with a security manager. Ferraiolo said the new version of the Hub will be delivered as both an open specification and a commercial-grade, open source reference implementation.
Included within the OpenAjax Metadata standard is the Widget Interoperability Standard, which makes it possible to define "mashable widgets." These are widgets that can identify the properties they share with other widgets and the messages they can publish and receive from other widgets, Ferraiolo said.
This is a model that IBM has is already employing with its own QEDwiki drag-and-drop mashup tool, launched in late 2006.
Systems like the Hub are going to be necessary for enterprises to feel secure enough to take advantage of the speed and flexibility offered by the mashup model, said Gartner analyst David Cearley. "Enterprises are showing a lot of interest in the capability, but there are still significant security, privacy, scalability and quality-of-service concerns that are limiting the scope of mashups that people are willing to do today," he said.