Security is often seen as a big barrier to enterprise mashups: With many of them built by non-IT staff and integrating Web services from all over the Internet, there's no guarantee that they won't accidentally leak important data. IBM aims to assuage these fears with SMash, a mechanism that will help mashups authenticate Ajax Web services. IBM released the code today as an open-source project at Open Ajax, plans to incorporate it into its forthcoming Lotus Mashups product, and hopes that other vendors will also adopt it.
SMash is written in JavaScript, so it currently works only with Ajax-based mashups. Like other Ajax apps, mashups use JavaScript code (interpreted in a browser) to call Web services, usually through XML or JSON. The difference is that whereas regular Ajax apps call Web services hosted on the same server as the JavaScript code itself, mashups call multiple services from several locations, which can lead to security problems if the mashup source isn't trusted.