[OpenAjaxSecurity] Wiki page created for white paper on "Ajax and Mashup Security"

Jon Ferraiolo jferrai at us.ibm.com
Thu Jul 19 11:37:42 PDT 2007

I have completed the first steps towards a white paper on "Ajax and Mashup
Security". As has been discussed in the Marketing and Security committees,
the proposed plan is to develop this white paper as a joint effort between
the Marketing WG and the Security TF.

Here is the white paper as it stands today:
* http://www.openajax.org/member/wiki/WP3_-_Ajax_and_Mashup_Security

Here is what I am thinking about the process for finishing this white

Early phase:
* Security TF does most of the work.
* Marketing WG monitors and offers high-level feedback

Late phase:
* Marketing WG performs detailed editorial review
* Marketing WG authorizes publishing to the OpenAjax web site as an
official white paper and for use within magazine articles
* Security TF participates in these discussions and complains if it sees
something it doesn't like (which is unlikely)

This white paper might proceed quickly, and there are advantages with
speed. The reason why the white paper might proceed quickly is that some
IBM researchers have already written a very nice article and we have
permission from the authors and IBM to create a derivative work so long as
we include the notice "First published by IBM developerWorks at
http://www.ibm.com/developerWorks/." The advantage of moving quickly is
that we have an opportunity to publish the article in the September edition
of AJAXWorld magazine, which will be distributed to all attendees of the
AJAXWorld conference. Getting this article into the magazine would be a
benefit to the community and would be a big plus towards promoting

My opinion is that with a small amount of effort in the next few weeks, we
can complete this white paper in time for AJAXWorld magazine. The deadline
is a bit slippery, where they would like the articles submitted by July 31
but have given good indication that mid August probably is soon enough. I
believe the original article is nearly suitable in its original form, with
only minor changes needed to adapt for appropriateness for OpenAjax
Alliance. I inserted my list of recommended changes (highlight in red) onto
the wiki page for the article.

If anyone sees any problems with this approach, please speak up via email
or speak up during one of the next telecons (i.e., Marketing telecon or
Security telecon).


PS: Regarding AJAXWorld magazine, I also promised two other articles, an
update on where things stand with OpenAjax Alliance (probably steal content
from my latest slide decks and from http://www.openajax.org/about.html),
and another article on the OpenAjax Hub (probably repurpose content from
http://www.openajax.org/OpenAjax%20Hub.html, which we developed within the
marketing committee recently). There is also a small chance of an AJAXWorld
article on Mobile Ajax.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://openajax.org/pipermail/security/attachments/20070719/eefc73c1/attachment.html 

More information about the security mailing list