From MemberWiki

Contents 1 SOURCE: OpenAjax Alliance 2 OpenAjax Alliance Announces OpenAjax Hub 2.0 - JavaScript Library for Secure Enterprise Mashups 2.1 Ajax consortium approves OpenAjax Hub 2.0 as an industry standard for secure mashups 2.1.1 Quotes:

SOURCE: OpenAjax Alliance

OpenAjax Alliance Announces OpenAjax Hub 2.0 - JavaScript Library for Secure Enterprise Mashups

Ajax consortium approves OpenAjax Hub 2.0 as an industry standard for secure mashups

SAN JOSE, Calif. -- August ??, 2009 -- The OpenAjax Alliance announced today the approval of OpenAjax Hub 2.0 (Hub 2.0) as an industry standard for secure mashups. Hub 2.0 addresses security challenges that until now have prevented Enterprise mashups from realizing their full potential.

Hub 2.0 consists of two main parts, a specification and an open source implementation. The Hub 2.0 Specification has been recently approved by the members of OpenAjax Alliance as an Ajax industry standard. The specification defines standardized JavaScript APIs for secure mashups and will result in cross-vendor interoperability among mashup tools and mashup components. The alliance has also developed an open source implementation of the Hub 2.0 spec. The open source implementation is written in browser JavaScript and is compatible with all popular desktop browsers.

Hub 2.0 isolates third party widgets (potentially malicious) into secure sandboxes and mediates messaging among the widgets with a security manager. These security techniques address the primary security concerns among IT managers that have until now inhibited adoption of mashup software within companies.

A major addition to Hub 2.0 is the ramped up security features that better protect widgets and mashups from hackers and malicious intent. For example, suppose a web site includes a 3rd party calendar widget. The 3rd party widget itself might be malicious, or might become malicious if its code has vulnerabilities that allow malicious sites to hijack the widget. Malicious widgets might transmit hijacked data to a scamming web site or piggyback user credentials to read and write from company servers. Hub 2.0 prevents these attacks by isolating untrusted widgets from the main application and other widgets and by preventing access to user credentials. Hub 2.0 includes various protections against widget hijacking due to its features around careful widget loading and unloading and message integrity.

This announcement is part of a broader set of initiatives at OpenAjax Alliance to accelerate customer success with the Web 2.0 technologies known as Ajax (i.e., standards-based HTML and JavaScript). In addition to OpenAjax Hub, the alliance is working on a companion mashup initiative, OpenAjax Widgets, which defines an Ajax interoperability standard for Ajax widgets, and which is scheduled for approval in the coming months.

OpenAjax Hub 2.0 was developed over the past two years at OpenAjax Alliance. The technology was validated in late 2008 during a multi-vendor interoperability event, and then revised in early 2009 to allow straightforward integration with other industry mashup technologies, particularly OpenSocial technologies. It has now been finalized and approved for release.

Hub 2.0 also includes a comprehensive test suite and provides an extensibility architecture that allows software vendors and Enterprise customers to customize and extend to meet particular needs. The specification and open source have been designed with Enterprise performance requirements in mind. The Hub 2.0 technology includes a fast-performance option for trusted widgets (e.g., widgets developed by the company’s own IT department) which allows internal company mashups at scale. The security features in Hub 2.0 build from the Secure Mashup (SMash) open source contribution from IBM Research to OpenAjax Alliance that was announced in 2008.

To help vendors deploy Hub 2.0, the alliance has written two white papers, "Introducing OpenAjax Hub 2.0 and Secure Mashups" and "OpenAjax Hub 2.0 and Mashup Assembly Applications" (available at www.openajax.org). The alliance also has developed an open source mashup assembly application that showcases how to create a browser-based mashup application that uses OpenAjax Hub 2.0 and OpenAjax Widgets as the key technologies within the application.

<<SUPPORTIVE QUOTES FROM COMPANIES AND INDIVIDUALS>> Preference for the following:

• Vendors or open source projects who are including Hub 2.0 in their products
• Customers who will be using Hub 2.0 to achieve secure mashups
• Well-known industry leaders who can comment on the importance of this announcement
• Perhaps a quote from Jon Ferraiolo or David Boloker on behalf of OpenAjax Alliance about importance of this announcement

The OpenAjax Alliance is an organization of vendors, open source projects and companies using Ajax that are dedicated to the successful adoption of open and interoperable Ajax-based Web technologies. OpenAjax members include more than 100 organizations including Adobe, the Eclipse Foundation, Google, IBM and Microsoft working towards the mutual goal of accelerating customer success with Ajax. The prime objective of the group is to accelerate customer success with Ajax by promoting a customer's ability to mix and match solutions from Ajax technology providers and to help drive the future of the Ajax ecosystem. To learn more about OpenAjax Alliance, please visit: www.openajax.org

Quotes:

(Various supportive quotes from OpenAjax Alliance members)