Infoworld: Why did you found OpenAjax?
Boloker: If you go back nine months, the key problem that folks were having was, one: What exactly is the definition of AJAX? The second problem was: How do you get a message out to all parties that would be cross-vendor? The third thing was: From a technology standpoint, how can you basically start looking at what was going to happen when looking across toolkits?
So those were the reasons why we started OpenAjax. Now, when you start looking at the bigger picture here and at what IBM is doing in this space, you'll see that it is in parallel to starting OpenAjax; what we did at IBM is, we started a project inside IBM to work on trying to bring down the level of complexity of writing and debugging applications, AJAX applications in particular. And the way we did it was, we built a piece of code called the AJAX Tooling Framework which went on top of Eclipse, which is the core foundation for tooling that we are using, and we can demo the AJAX Tooling Framework with the whole idea behind it [being] to bring down that level of not only complexity but also to allow someone to write a lot more AJAX code in a much shorter amount of time and get it published faster.
Infoworld: What about Microsoft - which has its AJAX technology, Atlas - not being a part of OpenAjax? Are there any more overtures being made? Are they just going to sit on the sidelines like they seem to do with other industry initiatives, like Eclipse? What's going on there with Microsoft?
Boloker: I actually just spoke with Microsoft yesterday about joining OpenAjax, and they've taken back the details and are thinking about it, and they'll get back to us.
Infoworld: What do you think the impact is of Microsoft not participating? You have this massive PC software company, and they're not participating. Do you think it's detrimental for them to not participate, or does it not make a difference?
Boloker: Well it makes a difference because I'd actually like to have them at the table. They have some very, very skilled developers, and they've thought about the area a lot, just as Tibco has and IBM has and JackBe has and others. It would be actually great if we actually can get everyone to the table, and I'm really hoping that we can do it.
Infoworld: Do you think you will?
Infoworld: But they have not made any commitments to joining at this point?
Boloker: None. They're thinking about it at this point.
Infoworld: Are there any other major companies on the sidelines? I can't think of any right now.
Boloker: There's plenty of people that are in discussions with us, and those people in discussions with us are folks like Apple. Let's see, who else would be in it? We're looking at Cisco as another. Cisco is not core to the web piece of this. The other companies are mostly in Asia.
Infoworld: What about the issues of security around AJAX? Apparently there are a lot of them. What are you doing about that?
Boloker: Security around AJAX is actually security around the web. So there's many sets of issues here, and one of the things which we're actually going to cover inside of OpenAjax is a whole discussion on security, at the meeting at the end of the week. And one of the topics is not only from a web standpoint of cross-application scripting, which has been a problem in the web for many, many years, when you have cross-application scripting between servers.
Infoworld: Apparently there are issues with inexperienced developers, there are issues with the cross-site scripting, there are issues with web services. Even Jesse James Garrett who founded the term AJAX said there are a lot of issues and we're going to have to almost patch them one by one. So how can people rely on AJAX if it's got all these security issues? I talked to one AJAXWorld attendee yesterday, and she said she wasn't using AJAX yet, but the one thing she knew was that it apparently had a lot of security concerns.
Boloker: So there are security concerns. Actually, if you look at the security concerns you have when doing web services, there actually was work done for web services in the area of WS-Security. A lot of folks who are looking at this are looking at it for the first time. Well, the folks that actually have looked at service-oriented architecture said, "Well, if I'm actually going to start calling something, I want to, No. 1, ensure that I can call the resource, and then if I can call the resource that I'm actually entitled to, go deeper and actually access the data." The second piece of this is this cross-site scripting; this has been a known problem in the web, and it's a server-side problem that people have been dealing with.
Infoworld: So what are you going to do?
Boloker: The first thing we started doing is we're attacking the problem not one at a time, we're doing it in multiple fronts. The first thing was, How do we basically build AJAX, and how do we debug AJAX? And how do we see what's going from the client side of this to the server? And that's what IBM was working on, and Bob Goodman, a senior programmer at IBM, was doing with the AJAX Tooling Framework.
The second side of this is that we needed to get the knowledge out about what are the issues. You don't want to scare people away, but at the same token, you need to basically educate them. And this, again, was part of this whole side of what OpenAJAX was about. The third side of this is, How do you then look at it from an industry standpoint of coming out with the best practices? So this is a document that people [would] write to give to AJAX programmers. And then the fourth thing is to look for the technology side of it. How can we basically start securing the technology? And that work is under way right now. And while there are no great answers at this exact second, there's a very good understanding of the problem, and people are discussing what's the right way to do it.
Infoworld: What is the attraction of AJAX?
Boloker: AJAX enables you in a web browser to actually have some of the same qualities of an interaction that you used to have only in a fat client setting.
Infoworld: How does it do that?
Infoworld: Before AJAX, or theoretically before AJAX, you had Flash. Do you see Flash as a competitor, as a complementary? It just seems like it is kind of a competitive technology even if Adobe says it's not.
Infoworld: AJAX is a technique. Is there going to be an AJAX 2.0, 3.0? Do you see an evolution of it, or is it just that this is the technique for doing something and if you get too far away from it, then it's not AJAX anymore?
Boloker: Well, it's a programming paradigm, and with all programming paradigms, whether it's AJAX 2.0 or AJAX 3.0, it started off as AJAX. And it'll always be AJAX. And what you're going to do is learn, as an industry we're all going to learn nuances to do something easier or make it much more secure, the points you brought up before.
Infoworld: So OpenAjax is not going to come out with the next version of AJAX, right?
Boloker: No, OpenAjax is definitely not going to come out with another version of AJAX. OpenAjax is really going to be looking at [this] from a full industry partnership on how to move AJAX forward. Now, one might say that as we start looking at AJAX Hub and things like that, that people might say that, well, that's another version of AJAX. But in reality it's the same version of AJAX. We're just working to build it out.
Infoworld: Any final thoughts that you want to add?
Boloker: I think my only final words really come back to, I've been working in technology for many years, and as with any technology that's coming on the scenes, there are initially problems. Some of the problems have to do with, first of all, education of the audience, and the second thing has to do always with security, manageability, scalability, and things like that. Our friends from Google proved that AJAX can scale through Google Maps. For that matter, in a lot of cases I think that they've proved that you can run a pretty secure shop with AJAX. There are security problems that the industry.