News

IBM Unveils 'Secure Mashups'

IBM today described a new "secure mashup" technology for the enterprise that is designed to make it easier for nontechnical users to create Web applications from multiple sources. Code-named "SMash," it's designed to create situational applications using "Web sites, enterprise databases or e-mails," according to IBM's announcement.

In addition, IBM plans to contribute the SMash technology to the OpenAjax Alliance, a coalition of vendors and open source organizations that focus on AJAX interoperability issues to enable dynamic Web applications. IBM itself is a founding member of the alliance, along with 14 other companies, such as BEA, the Eclipse Foundation and Novell, among others.

IBM also plans to integrate its SMash technology into a commercial version called IBM Lotus Mashups. The Lotus Mashups product is expected to appear this summer.

IBM identifies a key security issue with mashups as "keeping code and data from each of the sources separated." The company suggests that the sharing of the data should be controlled using a "secure communication channel," according to the announcement.

Mashups are sometimes linked with Web 2.0 collaboration tools, although technically Mashups are any association of applications, data and even Web services combined in a single user interface, typically a Web-based application or rich Internet application. Web 2.0 technologies are often associated with enhancing communication and collaboration. One such tool, instant messaging, gained entrance into the enterprise as a tool that first saw use by the general public. Other such Web 2.0 tools include wikis, blogs and RSS feeds.

However, security for such Web 2.0 tools has gotten a bad rap. A KPMG survey of 472 executives found that half of them viewed security problems as a limiting factor in the uptake of Web 2.0-type tools in the enterprise.

In general, Web applications currently represent the largest security hole, according to a report by security firm Cenzic. A SANS Institute report described the problem as follows: "Web 2.0 applications are vulnerable because user-supplied data cannot be trusted; your script running in the users' browser still constitutes 'user supplied data.'

The SANS Institute report predicts that Web 2.0 attacks "will grow substantially" in 2008.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.

Featured

  • IBM Giving Orgs a Governance Lifeline in Agentic AI Era

    Nearly overnight, organizations are facing brand-new challenges caused by self-directed AI systems (a.k.a. agentic AI). Big Blue is extending them some help.

  • Microsoft Launches Integrated E-mail Security Ecosystem for Defender for Office 365

    Microsoft is expanding its e-mail security capabilities with the launch of a new Integrated Cloud Email Security (ICES) ecosystem for Microsoft Defender for Office 365.

  • Microsoft Joins Workday's AI Agent Partner Network

    Microsoft has become a key partner in Workday's newly launched AI Agent Partner Network, aligning with other industry leaders to integrate AI agents into enterprise workforce systems.

  • LinkedIn CEO Ryan Roslansky To Lead Microsoft's Productivity Initiatives

    In a strategic leadership realignment, Microsoft has appointed LinkedIn CEO Ryan Roslansky to oversee its consumer and small business productivity software division, encompassing Microsoft 365, Teams and AI-driven tools like Copilot.

Most   Popular