The OpenAjax Alliance has announced the availability of a Web 2.0 mashup application security tool known as the OpenAjax Hub 2.0.
The group said that security improvements would help firms protect applications against external attacks, and hopes that this reassurance will encourage more development and adoption of such applications on enterprise web sites.
"OpenAjax Hub 2.0 is a major step forward for the OpenAjax Alliance towards its mission of promoting Ajax interoperability," said David Boloker, OpenAjax Alliance steering committee chairman, and chief technology officer for emerging internet technology at IBM.
"In order to realise the potential for mashups across the industry, there needs to be standards. Hub 2.0 defines a key industry standard for how widgets can be isolated into secure containers, and then how widgets can talk to each other through a mediated messaging bus."
Third-party widgets are split off into secure areas and monitored by a security manager, the group said. Because the widgets are isolated, any risk they present is mitigated, and attacks or weaknesses are confined to that area. The release also includes interoperability features and a test suite for applications.
"OpenAjax Hub 2.0 is a significant technology advancement for enterprise mashups. Hub 2.0 allows companies to realise mashup security and flexibility," said Mikael Orn, director of development at IBM's Mashup Center.
"With OpenAjax Hub 2.0, users or administrators can isolate untrusted third-party widgets into secure sandboxes, preventing information stealing and other malicious acts. The net result is that mashup users can combine company and internal widgets with third-party widgets without compromising security."
OpenAjax Alliance tightens mashup security
By David Neal on Sep 2, 2009 6:25AM

Protects applications against external attack.