OpenAjax Hub 2.0 Press Coverage

Blogged by: Jon Ferraiolo on August 31, 2009 at 5:13 pm

The OpenAjax Alliance announced today, with a press release, the approval and availability of OpenAjax Hub 2.0 as an industry standard for more secure Web 2.0 mashup applications. Advances in security in Hub 2.0 can help protect enterprise mashups from malicious intent, giving IT staff greater confidence in adding these features to their Web sites. The announcement included supportive quotes from member organizations IBM, Jackbe, Microsoft, Programmable Web RadWebTech, Software AG and TIBCO and was covered by numerous trade magazines, including Infoworld, eWeek, SDTimes and, in Germany, Heise Online.

OpenAjax Hub 2.0 was developed over the past two years at OpenAjax Alliance, an organization dedicated to the adoption of open and interoperable Ajax technologies. Ajax is Web development technology based on HTML and JavaScript that runs mashups, widgets and gadgets. Mashups allow business users to drag and drop “mashed up” components to create customized Web applications in minutes.

The major addition to Hub 2.0 is a JavaScript Library for Secure Enterprise Mashups created to better protect widgets and mashups from hackers and malicious intent. It addresses concerns among IT managers that may have inhibited adoption of mashup software within companies.

Hub 2.0 isolates third-party widgets into secure sandboxes and mediates messaging among the widgets with a security manager. For example, suppose a Web site includes a third-party calendar widget. That widget itself might be malicious or might become malicious if its code has vulnerabilities that allow a site to hijack the widget. Malicious widgets could transmit hijacked data to a scamming web site or piggyback user credentials to read and write from company servers.

Hub 2.0 prevents attacks by isolating untrusted widgets from the main application and other widgets, and by preventing access to user credentials. It protects against widget hijacking due to its features around careful widget loading and unloading and message integrity.

Hub 2.0 consists of two main parts, a specification and an open source implementation.

  • The Hub 2.0 Specification has been recently approved by the members of OpenAjax Alliance as an Ajax industry standard. The specification defines standardized JavaScript APIs for secure mashups and will result in cross-vendor interoperability among mashup tools and mashup components.
  • The alliance has also developed an open source implementation of the Hub 2.0 specification. The open source implementation is written in browser JavaScript and is compatible with all popular desktop browsers.

This announcement is part of a broader set of initiatives at OpenAjax Alliance to accelerate customer success using Ajax. In addition to OpenAjax Hub, the alliance is working on a companion mashup initiative, OpenAjax Widgets, which defines an Ajax interoperability standard for Ajax widgets, and is scheduled for approval in the coming months.

Hub 2.0 also includes a comprehensive test suite and provides an extensibility architecture that allows software vendors and enterprise customers to customize and extend to meet particular needs. The specification and open source have been designed with enterprise performance requirements in mind. The Hub 2.0 technology includes a fast-performance option for trusted widgets (e.g., widgets developed by the company’s own IT department) which allows internal company mashups at scale.

Big News With SVG – Google Helps to Bring SVG to IE, Hosts SVG Open Oct 2-4

Blogged by: Jon Ferraiolo on August 23, 2009 at 8:17 pm

In 2008, OpenAjax Alliance led an industry-wide browser wishlist initiative, where Ajax industry leaders produced a prioritized list of features that Ajax developers needed in future browsers. The top feature on that list was ubiquitous support for 2D vector graphics in the form of SVG and Canvas.

There is good news and bad news on the 2D graphics front today. The good news is that 4 out of 5 major browsers (Chrome, Firefox, Opera and Safari) not only support both SVG and Canvas, but have made significant advances in the past 12 months to add features and improve performance.

The bad news is that IE supports neither. Because IE has majority market share, Ajax developers who are determined to use standards-based 2D graphics have been forced to use create JavaScript wrapper libraries for 2D graphics such as dojo.gfx, which renders using SVG on Chrome, Firefox, Opera and Safari, and renders using VML on IE. Unfortunately, VML has such slow rendering performance that many 2D applications are not viable on a cross-browser basis.

The big news is that Google has teamed with the open source community to produce a phenomenal project called SVGWeb which brings SVG to IE. The SVGWeb project achieves its magic by rendering using native browser SVG engines when available (i.e., Chrome, Firefox, Opera and Safari) and then parsing and rendering SVG on IE by leveraging Flash under the hood. Note that the Flash plugin ships with every copy of Windows, so wherever IE is, Flash is available. What this means is that standards-compliant vector graphics via SVG is now available across all browsers.

SVGWeb is an amazingly complete implementation of SVG 1.1. It includes support for nearly all of SVG graphics features, its interactive features (e.g., mouse events) and its animation features. Additionally, the community has added support for audio and video (using markup from SVG Tiny 1.2).

Besides playing a leadership role with the SVGWeb project, Google is also offering its facilities to host the SVG Open conference, which will take place at Google’s Mountain View on October 2-4. (Note: OpenAjax Alliance is a conference sponsor.)

I strongly recommend that people sign up for this conference, particularly people who live in the San Francisco Bay Area. Attendance fees are very reasonable ($320 normal, $160 for students). Most of the conference occurs on the weekend. The theme is “SVG – Coming of Age”, which is clearly appropriate since, thanks to SVGWeb, SVG is now available across all major browsers.