SMash open source contributed to OpenAjax

Blogged by: Jon Ferraiolo on September 12, 2007 at 2:59 pm

IBM Research has contributed an important and major set of open source technology called “SMash” (secure mashups) to OpenAjax Alliance. SMash is a set of technique and open source JavaScript that runs in today’s browsers (without extensions or plugins) and enables secure handling of 3rd party mashup components.

SMash accomplishes its magic by placing mashup components in separate IFRAMEs (each using a different sub-domain). Cross-frame communications in today’s browsers is accomplished using the window.location fragment identifier. The highest level mashup application manages all communications between itself and among the mashup components. Although the initial version uses window.location, the SMash APIs are independent of any particular implementation approach and will still work if/when browsers add native support for secure cross-frame messaging.

OpenAjax Alliance is investigating the use of SMash techniques in order to deliver the secure mashup capabilities that are planned for OpenAjax Hub 1.1.

Ajax and Mashup Security white paper

Blogged by: Jon Ferraiolo on September 12, 2007 at 2:50 pm

Today we uploaded our 5th OpenAjax white paper, “Ajax and Mashup Security” (/whitepapers/Ajax%20and%20Mashup%20Security.html). This white paper was a collaborative effort between the members of the Security Task Force and the Marketing Working Group. The security experts authored the original contents. The marketing team edited the document before publishing it.

A condensed version of the white paper was published today at AJAXWorld magazine (online edition) at