"You want to make sure that the widgets themselves are secure and you want the ability, for example, to be able to turn off one widget from communicating with all the other widgets if it misbehaves," - David Boloker, chairman of the alliance's steering committee and chief technical officer in the emerging Internet technology group at IBM
A Web site, for example, could house a third-party calendar widget that might be malicious or have vulnerabilities to site hijacking. Hub 2.0 prevents attacks by isolating untrusted widgets from the main application and other widgets. User credentials access is prevented.
The alliance previously said OpenAjax Hub 1.1 would feature security capabilities for widgets. OpenAjax Alliance decided to instead call the release 2.0 to better reflect the magnitude of changes.
IBM plans to implement version 2.0 in its IBM Mashup Center 2.0 tool for building mashups, which is currently in a beta release stage. General availability is planned for later this year.
Companies besides IBM that are supporting Hub 2.0 include vendors such as Microsoft and mashup software vendor JackBe.
"The OpenAjax Hub 2.0 is a unique opportunity for the industry to provide a trusted solution to the very real problem of secure mashups, bridging applications as well as libraries such as the Microsoft Ajax Library or jQuery without a constraint on their design," - Bertrand Le Roy, senior program manager at Microsoft
"At JackBe we are incorporating this technology into Presto, JackBe's enterprise mashup platform, to enhance our offering and provide even greater security support for our enterprise customers," - Deepak Alure, JackBe vice president of engineering and product management
Hub 2.0 also features a test suite and customization capabilities. An open source mashup assembly application has been developed by the alliance to show how to build a browser-based mashup application that uses Hub 2.0 and OpenAjax Widgets.