The OpenAjax Alliance announced the approval and availability of OpenAjax Hub 2.0 as an industry standard for more secure Web 2.0 mashup applications. Advances in security in Hub 2.0 can help protect enterprise mashups from malicious intent, giving IT staff greater confidence in adding these features to their Web sites.

OpenAjax Hub 2.0 was developed over the past two years at OpenAjax Alliance, an organization dedicated to the adoption of open and interoperable Ajax technologies. Ajax is Web development technology based on HTML and JavaScript that runs mashups, widgets and gadgets. Mashups allow business users to drag and drop “mashed up” components to create customized Web applications in minutes.

The major addition to Hub 2.0 is a JavaScript Library for Secure Enterprise Mashups created to better protect widgets and mashups from hackers and malicious intent. It addresses concerns among IT managers that may have inhibited adoption of mashup software within companies.

“OpenAjax Hub 2.0 is a significant technology advancement for enterprise mashups,” said Mikael Orn, director of development for IBM Mashup Center. “Hub 2.0 allows companies to realize both mashup security and flexibility. With OpenAjax Hub 2.0, users or administrators can isolate untrusted third-party widgets into secure sandboxes, preventing information stealing and other malicious acts. The net result is that mashup users can combine company-internal widgets with third-party widgets without compromising security.”

Hub 2.0 consists of two main parts, a specification and an open source implementation.
The Hub 2.0 Specification has been approved by the members of OpenAjax Alliance as an Ajax industry standard. The specification defines standardized JavaScript APIs for secure mashups and will result in cross-vendor interoperability among mashup tools and mashup components.
The alliance has also developed an open source implementation of the Hub 2.0 specification. The open source implementation is written in browser JavaScript and is compatible with all popular desktop browsers.

Hub 2.0 also includes a comprehensive test suite and provides an extensibility architecture that allows software vendors and enterprise customers to customize and extend to meet particular needs. The specification and open source have been designed with enterprise performance requirements in mind. The Hub 2.0 technology includes a fast-performance option for trusted widgets (e.g., widgets developed by the company’s own IT department) which allows internal company mashups at scale. The security features in Hub 2.0 build from the Secure Mashup (SMash) open source contribution from IBM Research to OpenAjax Alliance that was announced in 2008.

The announcement is part of a broader set of initiatives at OpenAjax Alliance to accelerate customer success using Ajax. In addition to OpenAjax Hub, the alliance is working on a companion mashup initiative, OpenAjax Widgets, which defines an Ajax interoperability standard for Ajax widgets, and is scheduled for approval in the coming months.

OpenAjax Hub 2.0 was validated in late 2008 during a multi-vendor interoperability event, and then revised in early 2009 to allow straightforward integration with other industry mashup technologies, particularly OpenSocial technologies. It has been finalized and approved for release.