News

IBM Unveils 'Secure Mashups'

IBM today described a new "secure mashup" technology for the enterprise that is designed to make it easier for nontechnical users to create Web applications from multiple sources. Code-named "SMash," it's designed to create situational applications using "Web sites, enterprise databases or e-mails," according to IBM's announcement.

In addition, IBM plans to contribute the SMash technology to the OpenAjax Alliance, a coalition of vendors and open source organizations that focus on AJAX interoperability issues to enable dynamic Web applications. IBM itself is a founding member of the alliance, along with 14 other companies, such as BEA, the Eclipse Foundation and Novell, among others.

IBM also plans to integrate its SMash technology into a commercial version called IBM Lotus Mashups. The Lotus Mashups product is expected to appear this summer.

IBM identifies a key security issue with mashups as "keeping code and data from each of the sources separated." The company suggests that the sharing of the data should be controlled using a "secure communication channel," according to the announcement.

Mashups are sometimes linked with Web 2.0 collaboration tools, although technically Mashups are any association of applications, data and even Web services combined in a single user interface, typically a Web-based application or rich Internet application. Web 2.0 technologies are often associated with enhancing communication and collaboration. One such tool, instant messaging, gained entrance into the enterprise as a tool that first saw use by the general public. Other such Web 2.0 tools include wikis, blogs and RSS feeds.

However, security for such Web 2.0 tools has gotten a bad rap. A KPMG survey of 472 executives found that half of them viewed security problems as a limiting factor in the uptake of Web 2.0-type tools in the enterprise.

In general, Web applications currently represent the largest security hole, according to a report by security firm Cenzic. A SANS Institute report described the problem as follows: "Web 2.0 applications are vulnerable because user-supplied data cannot be trusted; your script running in the users' browser still constitutes 'user supplied data.'

The SANS Institute report predicts that Web 2.0 attacks "will grow substantially" in 2008.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.

Featured

  • Microsoft Adds Privileged Identity Management Delegation to Azure Lighthouse

    The commercial release of Privileged Identity Management (PIM)-enabled Azure Lighthouse delegations is now available, Microsoft on Monday announced.

  • Microsoft Commercially Releases Entra Workload Identities

    Microsoft announced on Monday that its Entra Workload Identities service is now available as a commercial product offering, having reached the "general availability" stage.

  • The 2022 Microsoft Product Roadmap

    Microsoft has a lot in the docket for 2022, including new products like SQL Server 2022, Exchange Subscription Edition and Visual Studio 2022 for Mac.

  • OpenSSF Adopts Microsoft Open Source Software Security Guidelines

    The Open Source Security Foundation (OpenSSF) announced on Wednesday that it has adopted the Secure Supply Chain Consumption Framework (S2C2F) for ensuring the secure use of open source software (OSS) by developers.