Over a million developers have joined DZone.
{{announcement.body}}
{{announcement.title}}

OpenAjax Hub 2.0 Will Allow Secure Interaction Between JavaScript Widgets

DZone's Guide to

OpenAjax Hub 2.0 Will Allow Secure Interaction Between JavaScript Widgets

· Web Dev Zone
Free Resource

Start coding today to experience the powerful engine that drives data application’s development, brought to you in partnership with Qlik.

In an upgrade to one of its core technologies, the OpenAjax Alliance, an industry group formed to boost interoperability in the AJAX space, is offering OpenAjax Hub 2.0, featuring capabilities for secure interaction between JavaScript widgets.

The Hub 2.0 specification defines standardized JavaScript APIs for secure mashups and offers cross-vendor interoperability among mashup tools and components. It isolates third-party widgets in secure sandboxes and mediates messages between widgets using a security manager.

"You want to make sure that the widgets themselves are secure and you want the ability, for example, to be able to turn off one widget from communicating with all the other widgets if it misbehaves," - David Boloker, chairman of the alliance's steering committee and chief technical officer in the emerging Internet technology group at IBM

A Web site, for example, could house a third-party calendar widget that might be malicious or have vulnerabilities to site hijacking. Hub 2.0 prevents attacks by isolating untrusted widgets from the main application and other widgets. User credentials access is prevented.

Hub 2.0 provides developers with needed assistance in addressing security concerns in JavaScript, said Jeffrey Hammond, principal analyst at Forrester. Developers also need assistance with integration of JavaScript frameworks, which the hub technology addresses, he said.  The need for integration is still a pressing one in that particular space, he said.

The alliance is making available an open source JavaScript library that can implement version 2.0 on a Web page. It is accessible on SourceForge.net. Version 1.0 of the hub, introduced in January 2008, allowed widgets from different AJAX toolkits to communicate with each other.

The alliance previously said OpenAjax Hub 1.1 would feature security capabilities for widgets. OpenAjax Alliance decided to instead call the release 2.0 to better reflect the magnitude of changes.

IBM plans to implement version 2.0 in its IBM Mashup Center 2.0 tool for building mashups, which is currently in a beta release stage. General availability is planned for later this year.

Companies besides IBM that are supporting Hub 2.0 include vendors such as Microsoft and mashup software vendor JackBe.

"The OpenAjax Hub 2.0 is a unique opportunity for the industry to provide a trusted solution to the very real problem of secure mashups, bridging applications as well as libraries such as the Microsoft Ajax Library or jQuery without a constraint on their design," - Bertrand Le Roy, senior program manager at Microsoft

"At JackBe we are incorporating this technology into Presto, JackBe's enterprise mashup platform, to enhance our offering and provide even greater security support for our enterprise customers," - Deepak Alure, JackBe vice president of engineering and product management

Hub 2.0 also features a test suite and customization capabilities. An open source mashup assembly application has been developed by the alliance to show how to build a browser-based mashup application that uses Hub 2.0 and OpenAjax Widgets.

Create data driven applications in Qlik’s free and easy to use coding environment, brought to you in partnership with Qlik.

Topics:

Opinions expressed by DZone contributors are their own.

The best of DZone straight to your inbox.

SEE AN EXAMPLE
Please provide a valid email address.

Thanks for subscribing!

Awesome! Check your inbox to verify your email so you can start receiving the latest in tech news and resources.
Subscribe

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}