News

Standards Gain Ground at OpenAjax Alliance

• By Lee Thé
• September 12, 2007

Such talks tend to be lightly attended at developer conferences, following the principle of "no code, no coders." But that's like spending all your time thinking about cars and never paying attention to the roads they run on. "No roads, no cars," after all. And the speaker, Jon Ferraiolo, is a manager and OpenAjax Alliance point man within IBM's Emerging Technologies group. So he lives where the OpenAjax rubber meets the road.

Ferraiolo put a special focus on the OpenAjax Hub, the first major standard to emerge out of OpenAjax Alliance. The Hub -- a small amount of client-side JavaScript -- lets multiple AJAX toolkits participate on the same Web page, such as within a mashup. Ferraiolo also discussed other OpenAjax Alliance work, such as standards activities around AJAX IDEs, Mobile AJAX, AJAX Security, Comet-based client-server communications, the OpenAjax Registry, runtime performance monitoring, and the inception of security and mobile task forces.

Standards and Education
The OpenAjax Alliance was formed to provide technical standards around AJAX interoperability and to provide educational materials. It started by defining AJAX as "the continued evolution of HTML" -- a set of programming techniques delivering desktop-like user interfaces providing rich interactions within the browser. AJAX uses open standards formats natively implemented in the browser without plugins (that is, not Flash, Windows Presentation Foundation, or Java). The key technology piece is AJAX (XMLHttpRequest), but it includes other technologies such as widget libraries, animation effects, layout managers, data binding, Web services, local storage and server push.

The OpenAjax Alliance has thus far spearheaded its efforts through the release of white papers, which were developed collaboratively through the Alliance's internal wiki. The white papers provide guidelines for IT managers showing where AJAX does and does not make sense. The current collection includes:

• "Introducing AJAX and OpenAjax";
• "When Does AJAX Make Business Sense";
• "Next-Generation Applications Using AJAX and OpenAjax"; and
• "Successful Deployment of AJAX and OpenAjax."

A new paper on AJAX and mashup security is due soon. It will summarize the current state of the Web, including the problems of cross-site scripting and request forgery.

The Trouble With Toolkits
According to Ferraiolo, AJAX remained latent (so to speak) until toolkits started emerging, inspired by the success of Google's AJAX-based Google Suggest, GMail and Google Maps. The emergence of toolkits brought AJAX programming within reach of most developers. They featured easy-to-use JavaScript libraries that hid browser dependencies. The toolkits also featured:

• Server integration, such as J2EE/JSF and .NET/ASP;
• Integrated development environment (IDE) integration, such as approximately 10 Eclipse-based AJAX IDEs, Microsoft Atlas/Visual Studio and Dreamweaver; and
• Declarative Markup Language, such as Laszlo/LZK and Nexaweb/XAP.

Today, there are around 200 AJAX toolkits, each with a unique approach and advantages, of which around 50 are open source, although that's a gray area.

Other areas of AJAX toolkit diversity include scale -- from full frameworks to those that target specific functionalities. A wide range of server- to client-side toolkits abound as well, with Yahoo and Dojo exemplifying pure client-side technologies, while the server-side products are usually tied to a particular server (for instance, Microsoft's ties to ASP). And some toolkits stand on HTML's shoulders, while others invent new markup languages.

Ferraiolo said that the toolkit explosion has helped put AJAX on most enterprises' technology roadmaps, and it's resulted in hundreds of commercial AJAX products and dozens of AJAX open source projects. The downside is interoperability problems across all of those AJAX toolkits. Sometimes toolkits step on each other. Rarely do they integrate. Yet you need both interoperability and integration for mashups to work. Moreover, AJAX puts a steep learning curve in front of developers -- hence all of those toolkits. And the abundance of toolkits produces what Ferraiolo calls a "tyranny of choice."

What's Under the Hub?
The Alliance's dream is to provide an OpenAjax Conformance "medallion" that developers can trust to guarantee interoperability. OpenAjax Hub 1.0 provides the first step today, to be followed by Hub 1.1, OpenAjax Registry, IDE Integration, and a set of OpenAjax Best Practices. Now it's up to developers to demand industry cooperation with these standards.

Hub 1.0 enables multiple AJAX runtimes to work together. Written in standard JavasScript, Hub 1.0 only takes up 2,845 bytes after compaction, making for a near instantaneous download. It features a publish/subscribe engine (the pubsubhub), and AJAX library registration, plus advanced features such as wild carding.

Ferraiolo identified Hub 1.0's main value as being in the area of mashups. A container application such as one from IBM or Tibco wants to grab a mashup component off the Web, such as from Dow Jones, packaged as a mashup component. These need to talk to each other. The Hub lets them look for a single application programming interface (API) for sending the message out and receiving messages from different applications. Hub 1.0 also works for Web applications that use multiple toolkits, next-generation portals and Web applications that benefit from loose coupling programming techniques. Hub 1.0's pubsub mechanism serves as the integration glue for otherwise independent modules.

At the talk, Ferraiolo demonstrated a theoretical example of a page using four AJAX toolkits for XMLHttpRequest, calendar control, table control and a charting utility. The visual controls need to react to new server data and to each other and update their views appropriately. The code first loads the 2,845 byte AJAX hub. All of the other widgets subscribe to it. Then they update their visualization widgets.

Ferraiolo promised that OpenAjax Hub 1.0 is nearly ready to ship. The spec, open source code and test suite are finished already. The spec is available now, along with the reference implementation at SourceForge. Several interop demos are also online.

Looking Toward Hub 1.1
OpenAjax Hub 1.1 will address pub/sub within a single browser frame. It will most likely add pub/sub across frames and between clients and servers, as well as providing a framework for secure mashups. This will run in today's browsers without plugins and provide secure handling of third-party mashup components -- and it will still work if and when browsers add native support for secure cross-frame messaging. Hub 1.1 is due out next year.

The OpenAjax Alliance is also working to have Hub 1.1 work with Comet, especially in conjunction with mashups and portals. Many enterprise applications want to have monitors where the server pushes data when there's new data. But browsers only allow two connections per Web page. The Alliance is working on a thin layer API for mediated server push to get around this limitation, with a "provider" mechanism where an AJAX toolkit plugs in that implements the APIs and provides Comet services.

Another work in progress, the OpenAjax Registry, aims to prevent JavaScript object collision within complex AJAX applications, using a registry managed by OpenAjax's Interoperability Work Group. The Work Group will begin to populate the registry this fall. A few months later the IDE Work Group plans to release its first draft of an OpenAjax standard XML file format for encapsulating an AJAX widget for use with IDEs, and for expressing AJAX library APIs for use with IDEs.

Ferraiolo ended his talk with a pitch to join the OpenAjax Alliance. It's free -- and it gives your company a chance to help shape a future where the Web works both more efficiently and more securely.