Some of my IBM colleagues in the emerging technologies asked me to mention something they introduced last week – SMash, for Secure Mashups.
The basic idea is this. In Web 2.0 people frequently use AJAX components or services from several sources and then mash them together into a full application. For example, you might have one service that gives a localized directory of physicians and then combine this with Google Maps to have a visual “find local doctors application.”
As this gets more sophisticated, there are some natural questions to ask:
- Where are these components/services coming from?
- Do I trust the providers?
- Can the data from one service be taken without my knowledge and given to another service?
- Can I guarantee the security and privacy of my application to my customers?
SMash is an attempt to deal with these issues. The technology has been donated to the OpenAjax Alliance. Here are some resources to learn more:
- Some Wikipedia entries: Web 2.0, AJAX, mashup
- Press release: “MADE IN IBM LABS: IBM Cracks Web 2.0 Security Concerns With ‘SMash'”
- Network Computing: “Can IBM SMash Enterprise Mashup Security Fears?”
- InfoWorld: “IBM moves on secure mashups: Big Blue promotes interoperability with donation of SMash technology to OpenAjax Alliance”
- internetnews.com:“IBM Aims to ‘SMash’ Web 2.0 Threats”
- CIO: “IBM Creates Code to Secure Mashups For Business Use”
- IBM Web 2.0 activities
While I’m at it, here’s a general plug for IBM’s developerWorks site which has a lot of information about new technologies.