In association with heise online

31 August 2009, 09:51

Secure integration of Ajax widgets into websites

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

OpenAjax Alliance logo The OpenAjax Alliance has published version 2.0 of its "OpenAjax Hub" specification for secure interaction between JavaScript widgets. OpenAjax Hub defines standardised programming interfaces for secure mashups and specifications for interoperability between mashup tools and components. It defines methods for securely isolating third party widgets and the process for communicating between widgets via a security manager.

For example, when integrating a third party calendar application into a website, an entry point for attackers to penetrate the website might be inadvertently created. By isolating widgets in a sandbox according to the Hub 2.0 specification, the risk of penetration into the rest of the application is removed.

The OpenAjax Alliance is a federation made up of around 100 companies, including Adobe, Google, SAP and Software AG, and other projects, with the objective of promoting Ajax development. The Alliance was founded by IBM in early 2006. The Alliance has previously provided an open source, Apache 2.0 licensed, JavaScript library as an reference. The library now implements version 2.0 of the specification and can be downloaded from


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit