News

IBM Unveils 'Secure Mashups'

IBM today described a new "secure mashup" technology for the enterprise that is designed to make it easier for nontechnical users to create Web applications from multiple sources. Code-named "SMash," it's designed to create situational applications using "Web sites, enterprise databases or e-mails," according to IBM's announcement.

In addition, IBM plans to contribute the SMash technology to the OpenAjax Alliance, a coalition of vendors and open source organizations that focus on AJAX interoperability issues to enable dynamic Web applications. IBM itself is a founding member of the alliance, along with 14 other companies, such as BEA, the Eclipse Foundation and Novell, among others.

IBM also plans to integrate its SMash technology into a commercial version called IBM Lotus Mashups. The Lotus Mashups product is expected to appear this summer.

IBM identifies a key security issue with mashups as "keeping code and data from each of the sources separated." The company suggests that the sharing of the data should be controlled using a "secure communication channel," according to the announcement.

Mashups are sometimes linked with Web 2.0 collaboration tools, although technically Mashups are any association of applications, data and even Web services combined in a single user interface, typically a Web-based application or rich Internet application. Web 2.0 technologies are often associated with enhancing communication and collaboration. One such tool, instant messaging, gained entrance into the enterprise as a tool that first saw use by the general public. Other such Web 2.0 tools include wikis, blogs and RSS feeds.

However, security for such Web 2.0 tools has gotten a bad rap. A KPMG survey of 472 executives found that half of them viewed security problems as a limiting factor in the uptake of Web 2.0-type tools in the enterprise.

In general, Web applications currently represent the largest security hole, according to a report by security firm Cenzic. A SANS Institute report described the problem as follows: "Web 2.0 applications are vulnerable because user-supplied data cannot be trusted; your script running in the users' browser still constitutes 'user supplied data.'

The SANS Institute report predicts that Web 2.0 attacks "will grow substantially" in 2008.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.

Featured