This article provides an introduction to some of the security threats
associated with AJAX technologies, particularly when used within mashup
scenarios, and then offers a list of recommended best practices.
Understanding the Same-Origin Policy
One of the foundations of Web security is the "same-origin" policy, which is
widely implemented by Web browsers, including the most popular ones (e.g.,
Internet Explorer, Firefox, Safari, and Opera). Browsers implement the
same-origin policy as a protection mechanism in order to isolate Web
applications coming from different domains, under the assumption that
different domains represent different originators. As a result, if
applications in multiple windows or frames are downloaded from different
servers, they will not be able to access each other's data and scripts. In
the context of XMLHttpRequest, the same-origin policy is i... (more)
The OpenAjax Alliance is a consortium of companies that are active in the
AJAX industry. It was founded on May 15, 2006, concluded a governing Members
Agreement in October 2006, and now has more than 80 member organizations,
including industry giants such as Adobe, BEA, Cisco, ESRI, Fidelity, Google,
IBM, Microsoft, Mozilla, Oracle, SAP, and Sun. The alliance's home page at
www.openajax.org shows the full list of members.
The alliance pursues both technical and marketing initiatives. Its technical
initiatives are centered on AJAX interoperability. Its marketing initiatives
focus... (more)
The OpenAjax Alliance is an organization of leading vendors, open source
projects, and companies using AJAX that are dedicated to the successful
adoption of open and interoperable AJAX-based Web technologies. This article
introduces the alliance's first major technical product, OpenAjax Hub 1.0.
The OpenAjax Hub is a set of standard JavaScript that, when included with an
AJAX-powered Web application, promotes the ability for multiple AJAX toolkits
to work together on the same page.
The central feature of the OpenAjax Hub is its publish/subscribe event
manager (the "pub/sub manage... (more)
What does the Ajax community want from future browsers? How are these
different requests prioritized? Web developers have done amazing things with
Ajax for both Web 1.0 and Web 2.0 applications, but what barriers need to be
removed to enable the next generation of browser-based innovations? The
future of Ajax runtime environments matters more than ever today.
In late 2007, the OpenAjax Alliance formed the Runtime Task Force
(http://www.openajax.org/member/wiki/Runtime) to address this community
concern. The goal is to collect, articulate, and prioritize key issues from
the Ajax comm... (more)