OpenAjax Alliance Announces New Initiatives for Secure Mashups and Mobile Ajax

Industry Consortium on Ajax Development Further Commits to Security; Announces Interoperability Awards

SANTA CLARA, CA--(September 24, 2007) - OpenAjax Alliance, an organization dedicated to the successful adoption of open and interoperable Ajax-based Web technologies, today revealed new initiatives for secure mashups and mobile Ajax, as well as a new white paper on Ajax security.

Ajax is the technology behind the increasingly popular "mashup," a website or application that combines content from more than one source into an integrated experience. As Ajax and mashups continue to gain widespread acceptance under the Web 2.0 umbrella, it is critical for organizations to understand these threats and to avoid them by adhering to some best practices.

The alliance has released a new white paper titled "Ajax and Mashup Security," which summarizes the ways in which Ajax applications could be attacked and provides a set of best practice techniques to address each of the vulnerability areas. Available at, the white paper represents the collaborative efforts of Ajax security experts from multiple companies, and was a joint effort by the OpenAjax Alliance Security committee and the Marketing Working Group.

"Getahead is delighted to see the progress the OpenAjax Alliance is making particularly with regard to security and secure mashups," said Joe Walker, creator of Direct Web Remoting and president of Getahead. "The DWR project has long been a strong advocate of better Ajax security, so this advance is great news."

"ICEsoft has long recognized that security for enterprise class applications is a critical requirement," said Robert Lepack, VP of Marketing for ICEsoft Technologies. "We view the publication of the Open Ajax White paper 'Ajax and Mashup Security,' to be an important step in the ongoing need to both educate customers on the potential security risks of Ajax applications and the best practices described in the paper to be a key step toward developing much needed standards."

In addition to a strong focus on security, the OpenAjax Alliance is holding InteropFest 1.0 , which is the final integration testing phase of OpenAjax Hub 1.0. OpenAjax Hub is a small JavaScript library that allows multiple Ajax toolkits to work together on the same page. The central feature is a publish/subscribe event manager, which enables loose assembly and integration of Ajax components. OpenAjax Alliance will deliver both an open specification and a reference open source implementation. Standards are the key to interoperability, and allow the true possibilities of Ajax and Web 2.0 to be realized.

"To further advance the Ajax ecosystem, OpenAjax Alliance members together are developing a standard way to describe Ajax controls and their programmatic interfaces so that it becomes easier for developers to use Ajax libraries with development tools," said Kevin Hakman, director, TIBCO Software Inc. and Chair of the Alliance IDE Working Group. "We're on pace to have an Ajax control description specification ready for early 2008."

Simultaneous with finalization activities on OpenAjax Hub 1.0, the alliance has begun work on OpenAjax Hub 1.1, which will extend OpenAjax Hub to add support for secure mashups and to enable mediated Comet-style client-server messaging. As with OpenAjax Hub 1.1, the alliance will deliver both a specification and a commercial-quality open source reference implementation. The secure mashup features of OpenAjax Hub 1.1 will isolate mashup components in secure "sandboxes" and use the OpenAjax Hub's publish/subscribe features to achieve mediated cross-component messaging.

The alliance has also launched its new Mobile Ajax committee, which will focus on both educational materials and technical standards. As part of its Mobile Ajax efforts, OpenAjax Alliance is co-sponsoring a Workshop on Mobile Ajax on Friday September 28 in partnership with the World Wide Web Consortium (W3C).

"In its first year of existence, the organization has a remarkable record of achievement on key issues facing the Ajax industry," said David Boloker, OpenAjax Alliance Steering Committee Chairman. "OpenAjax Hub 1.0 and the InteropFest are key achievements towards driving cross-vendor interoperability. The new white paper on Ajax security issues is an important educational milestone. The next year promises other advances, including white papers, technical standards and open source across multiple issues including Ajax IDEs, secure mashups, client-server communications, and mobile Ajax."

Also a part of InteropFest 1.0, interoperability certificates will be awarded to the following member organizations for their participation in OpenAjax InteropFest 1.0: 24SevenOffice, Apache XAP, Dojo Foundation, ILOG, Getahead, IT Mill, Lightstreamer, Microsoft, Nexaweb, Open Link, Open Spot, Software AG and TIBCO. The interoperability event requires integration of an organization's Ajax toolkit with the OpenAjax Hub and at least one other Ajax component, where cross-component messaging is accomplished using the OpenAjax Hub.

Ajax Conformance Award Recipient Quotes

"Developing an Ajax-based ERP/CRM-system for accountants and others accustomed to functionality and responsiveness in a traditional desktop application, we have focused on features and speed improvements," said Espen Antonsen, System Developer, 24SevenOffice. "Cross-platform issues have in the past been marginalized due to time constraints. Now with new Ajax-toolkits emerging and the OpenAjax interoperability we can achieve cross-platform easier and quicker."

"It's great to be part of the OpenAjax Alliance to work with other leading toolkits to ensure interoperability. DWR and TIBCO General Interface have a history of working well together, but it's great to have a forum to extend this interoperability," said Joe Walker, creator of Direct Web Remoting and president of Getahead.

"For the past 20 years, ILOG develops and markets data display components that need to integrate smoothly with existing systems," said Jean Francois Abramatic, ILOG Chief Product Officer. "OpenAjax Hub 1.0 and the InteropFest are key milestones to facilitate Ajax application development, and ILOG sees the benefits and is committed to cross-vendor interoperability."

"As Ajax technology matures, the need for standardized interfaces becomes more clear," said Jani Laakso, Product Manager of IT Mill, a member organization. "The OpenAjax Hub provides a convenient way of integrating new components and widgets on top of IT Mill Toolkit. This is an essential feature for our customers who want to incorporate other Ajax libraries into their applications built with IT Mill Toolkit."

"Interoperability is a key driving factor for choice and furthering the advancement of the Open Web," said Dylan Schiemann, CEO of SitePen, and co-founder of the Dojo Toolkit. "Since inception, the Dojo Toolkit has considered it a top priority to work well with other JavaScript code and toolkits, and we are pleased to receive this award recognizing our efforts."

"Lightstreamer is focused on delivering a high performance and reliable Comet engine on the server side," said Alessandro Alinone, CTO at Lightstreamer, a member of OpenAjax Alliance. "There are plenty of Ajax toolkits and frameworks that can consume real-time events on the client side. OpenAjax Hub will enable us to be interoperable with them all. To sum up the paradigm, Lightstreamer Server disseminates real-time data to the browsers; the data is received by the OpenAjax Hub, that in turn delivers it to any Ajax components in the page."

"As an early adopter and promoter of standards compliant data access and integration middleware across the enterprise and emerging Semantic Data Web, OpenLink Software is excited about the opportunity to continue demonstrating its middleware prowess and leadership through the Interop 1.0 challenge of the OpenAjax Alliance," said Kingsley Idehen, Founder and CEO of OpenLink Software. "OpenLink extends its dedication to advanced platform independent middleware technologies without vendor lock-in through it's membership in the OpenAjax Alliance and as expressed via our evolving product portfolio including the OpenLink Ajax Toolkit, Ajax Database Connectivity, and a collection of data oriented Rich Internet Applications that offer full OpenAjax compliance."

"With the OpenAjax Hub, data analytical packages such as our ajaXcel spreadsheet and charting engine will be interoperable with numerous third party GUI toolkits and back-end data services," said Gideon Lee, president of OpenSpot. "This may well motivate the domain experts and power users who were previously challenged by RIA development to start seriously adopting it, bringing forth real-world solutions that are not merely richer in awe-factor but also delivering richer information analysis with significant bottom line impact."

"As the development of applications for business productivity shifts from writing gobs of code to the faster processes of assembling solutions from ready-made parts and services, interoperability of those parts is a key ingredient," said Kevin Hakman, co-founder of TIBCO's open source Ajax toolkit: TIBCO General Interface, and Director of developer evangelism for TIBCO. "An Ajax ecosystem with components conforming to baseline standards will provide more component choices and further accelerate development speed while allowing customers to continue to leverage the Web browser as a ubiquitous, open platform."

"By eliminating latency while delivering a richer and more intuitive user experience, AJAX enables the development of applications that more closely conform to actual end-user requirements," said Dr. Peter Kürpick, President and Chief Product Officer of the webMethods business line at Software AG. "We also recognize the critical role that standards-based interoperability plays in enabling the more complex and interactive composite applications that enterprises are embracing today. Recognizing this importance, Software AG is a proud supporter of the OpenAjax Alliance's efforts to improve the interoperability of AJAX-based technologies."

About OpenAjax Alliance

The OpenAjax Alliance is an organization of leading vendors, open source projects, and companies using Ajax that are dedicated to the successful adoption of open and interoperable Ajax-based Web technologies. The prime objective of the group is to accelerate customer success with Ajax by promoting a customer's ability to mix and match solutions from Ajax technology providers and to help drive the future of the Ajax ecosystem. To learn more about OpenAjax Alliance, please visit:

All product and company names herein may be trademarks of their respective owners.