IBM introduces secure mashups

'smash' unveiled

IBM has unveiled technology to secure mashups and is donating it to the OpenAjax Alliance, which promotes AJAX (Asynchronous JavaScript and XML) interoperability.

Through IBM's SMash (secure mashup) technology, streams of information from different sources can communicate with each other, but the sources are kept separate to prevent the spread of malicious code. SMash keeps code and data from each of the sources separated while allowing controlled sharing of data through a secure communication channel.

Mashups are defined by IBM as web applications that pull information from multiple sources such as websites, databases and email to present a single view. But mashups have been beset by security risks, IBM says.

"What we were striving for was to have [mashups] interact with other information on a page in a secure manner," says David Boloker, CTO of emerging internet technologies in the IBM software group.

SMash prevents information from one domain trying to access information on the page, Boloker says. But developers can allow access if they choose.

"[It] allows you to communicate with other parts of your web page in a secure manner," he says.

"You're preventing JavaScript coming from another site taking over control of the web page and not only taking control of the Web page, they could be trying to deliver erroneous information, could be trying to erase files on your hard drive, anything like that."

The technology is to become part of OpenAjax Hub 1.1, which goes to general release in June, Boloker says.

Forrester analyst Jeffrey Hammond says "I think SMash could potentially address a need in the AJAX market — namely, enabling safer client-side cross-domain access to multiple sites.

"This client-side cross-domain access pattern is becoming increasingly popular when developers want to mix in technology from multiple sites, but don't feel comfortable importing that code into their server domains."

Building on top of OpenAjax Hub is a strength of SMash, Hammond says.

Join the newsletter!

Error: Please check your email address.

Tags IBMtechnologysecure mashups

Show Comments
[]