News

IBM Unveils 'Secure Mashups'

IBM today described a new "secure mashup" technology for the enterprise that is designed to make it easier for nontechnical users to create Web applications from multiple sources. Code-named "SMash," it's designed to create situational applications using "Web sites, enterprise databases or e-mails," according to IBM's announcement.

In addition, IBM plans to contribute the SMash technology to the OpenAjax Alliance, a coalition of vendors and open source organizations that focus on AJAX interoperability issues to enable dynamic Web applications. IBM itself is a founding member of the alliance, along with 14 other companies, such as BEA, the Eclipse Foundation and Novell, among others.

IBM also plans to integrate its SMash technology into a commercial version called IBM Lotus Mashups. The Lotus Mashups product is expected to appear this summer.

IBM identifies a key security issue with mashups as "keeping code and data from each of the sources separated." The company suggests that the sharing of the data should be controlled using a "secure communication channel," according to the announcement.

Mashups are sometimes linked with Web 2.0 collaboration tools, although technically Mashups are any association of applications, data and even Web services combined in a single user interface, typically a Web-based application or rich Internet application. Web 2.0 technologies are often associated with enhancing communication and collaboration. One such tool, instant messaging, gained entrance into the enterprise as a tool that first saw use by the general public. Other such Web 2.0 tools include wikis, blogs and RSS feeds.

However, security for such Web 2.0 tools has gotten a bad rap. A KPMG survey of 472 executives found that half of them viewed security problems as a limiting factor in the uptake of Web 2.0-type tools in the enterprise.

In general, Web applications currently represent the largest security hole, according to a report by security firm Cenzic. A SANS Institute report described the problem as follows: "Web 2.0 applications are vulnerable because user-supplied data cannot be trusted; your script running in the users' browser still constitutes 'user supplied data.'

The SANS Institute report predicts that Web 2.0 attacks "will grow substantially" in 2008.

About the Author

Kurt Mackie is senior news producer for the 1105 Enterprise Computing Group.

Featured

  • First Chromium-Based Edge Browser Beta Release Now Available

    Microsoft Edge Insider Program participants now have access to the Beta Channel release of Microsoft's Chromium-based Edge Web browser on the Windows and Mac platforms.

  • Microsoft Planning To Answer Windows Virtual Desktop Questions Next Week

    Microsoft has set aside time to answer questions about its emerging Windows Virtual Desktop service on Wednesday of next week, according to an announcement.

  • With EPYC Rome Chips, AMD Could Eclipse Intel in Datacenter

    AMD's high-profile EPYC 7002 launch has datacenter analysts wondering if the end of Intel's long reign is nigh.

  • Microsoft Buys jClarity for Azure-Based Java Workloads

    In a bid to support its "continued contributions to open source while driving increased performance for Java workloads on Azure," Microsoft on Monday announced its acquisition of jClarity.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.