New Specs on Tap for AJAX Development
The OpenAjax Alliance unveils two key standards initiatives: a new metadata specification and a new version of its mashup runtime.
Last month, a consortium of vendors focused on AJAX interoperability unveiled two key standards initiatives: a new metadata specification and a new version of the consortium's mashup runtime.
The move, by the OpenAjax Alliance, is aimed at making it easier-and safer-to build applications using AJAX, a popular Web-development technique deployed to improve the responsiveness of Web pages by automating the exchange of information between browsers and servers. The consortium announced the initiatives at the AJAXWorld RIA Conference & Expo in San Jose, Calif. Given that more than 111 vendors are members of OpenAjax-including IBM Corp., Google Inc., Oracle Corp., Microsoft and the Eclipse Foundation-observers noted that these specs promise to play a key role in future AJAX development.
"There are 10 to 20 AJAX IDEs on the market today, and a couple hundred AJAX toolkits [libraries]," says David Boloker, IBM's CTO of emerging Internet technology.
"Different AJAX toolkits-such as Dojo, JQuery and Prototype-each document their APIs in a different manner," Boloker continues. "So you have this problem of trying to get the IDEs to do a good job of supporting the toolkits."
To "do a good job" with AJAX toolkits, the leading IDEs-such as Eclipse, NetBeans, Dreamweaver and Visual Studio-have had to do "one-off development work," Boloker says. It has been a largely library-by-library, manual process for the tools vendors. Adobe Systems Inc., for example, has supported its own Adobe Spry toolkit in Dreamweaver. Visual Studio has supported Microsoft's Atlas Framework. "You've got hundreds of toolkits and tens of IDEs, and there's very little coverage," he adds.
The OpenAjax Alliance also addresses mashup security with the latest version of its OpenAjax Hub technology. The Hub has been a cornerstone project since the Alliance was founded in 2006. Version 1.0 was released in 2007. The Alliance bills it as "an industry-standard, secure mashup runtime" designed to isolate third-party widgets in secure sandboxes and mediate messaging among those widgets with a security manager, says Jon Ferraiolo, director of the OpenAjax Alliance.
"Mashups can represent a real security risk, because they utilize potentially malicious third-party components," Ferraiolo explains. "We're trying to provide a secure environment for enterprise mashups-for any kind of mashups-but particularly those developed in an enterprise."
|Two New AJAX Standards
2. OpenAjax Hub 1.1: Aimed at providing mashup security by isolating third-party widgets in security sandboxes in the browser and mediating the messaging among the widgets with a security manager.
Version 1.1 of the Hub, unveiled at the conference, is designed to isolate third-party widgets in security sandboxes in the browser and mediate the messaging among the widgets with a security manager. Ferraiolo says the new version of the Hub will be delivered as both an open specification and a commercial-grade, open source reference implementation.
Included within the OpenAjax Metadata standard is the Widget Interoperability Standard, which makes it possible to define "mashable widgets." These are widgets that can identify the properties they share with other widgets and identify the messages they can publish and receive from other widgets, Ferraiolo says.
This is a model that IBM has and is already employing with its own QEDwiki drag-and-drop mashup tool, launched in late 2006.
Systems like the Hub are going to be necessary for enterprises to feel secure enough to take advantage of the speed and flexibility offered by the mashup model, says Gartner Inc. analyst David Cearley. "Enterprises are showing a lot of interest in the capability, but there are still significant security, privacy, scalability and quality-of-service concerns that are limiting the scope of mashups that people are willing to do today," he says.