Standards support for mashups emerge

The announcement earlier this week that IBM has put together an open approach for making user data secure inside of Web mashups, known as SMash, was the most recent step in an unfolding story about the way the industry is trying to bring structure and order to the rapidly growing and frequently unruly world of Web mashups.

As I've covered here in the past, mashups have enormous potential to allow more rapid and much less expensive development of online applications by emphasizing assembly over development, economies of scale by enabling high levels of reuse, and the consequent ability to rapidly get software solutions with the right data in the right place at the right time.

However, all is not rosy in the mashup space as I wrote last fall; there are significant challenges remaining before end-user or enterprise mashups can become a widespread reality despite the numerous offerings that exist today. Since then, I've only have one major new item to add to the list of adoption issues, namely that fact that most leading mashup solutions don't provide a good enough SaaS delivery model. Consequently Yahoo! Pipes remains the best example of a mashup tool that has the requisite low barrier for use for widespread adoption, despite far more sophisticated and capable brethren from the likes of JackBe, Serena, and soon, Lotus, the latter which appears to be repackaging everything it learned with the impressive QEDWiki into an enterprise-class product.

Fortunately, good news is on the horizon for many of the issues I raised last year. It now appears that the mashup industry is heading in a direction which may make the space much more viable indeed over the next year. For example, two my biggest concerns, both non-starters for organizations that want to adopt a mashup model (21% of all organizations reported that they were interested last year), was 1) the lack of serious security and identity support and 2) not having a common standards for the assembly of Web parts such as widgets, gadgets, and other Web applications. Without knowing how to secure mashups, safely handle sensitive user and business data, or know where to make infrastructure and tooling bets, most organizations were likely to sit on the fence and wait until these risks were addressed.

IBM's announcement this week about SMash was just one of many solutions now being offered resolve these two issues not only in the mashup space, but across the Web industry, as our personal and professional data gets more and more federated across the Internet and within our organizations. Efforts in this area include range from Google's OpenSocial initiative to the push for adoption of DataPortability.org's and OpenFriendFormat's support which are all improving the world of data safety, security, and mobility in the mashup world as well.

But the most comprehensive and detailed plan for bringing standard approaches and techniques to mashups has to be OpenSAM, which leverages many existing standards such as WebDAV, openid, LDAP, and also subscribes to DataPortability.org's standards to create a consistent and well-organized design and interaction model for offering complex, heterogeneous mashups to both the consumer and business community. Even more importantly, they cite a good number of companies already offering Web applications that support OpenSAM. The OpenSAM vision is broad and focused across the usage spectrum and the OpenSAM folks say that "once OpenSAM is added to an application, it can immediately join mashups with all other OpenSAM applications."

While there is still a lot to sort out and the mishmash of standards can seem confusing even to experienced software developers and IT staff, the upshot is that the early guerilla techniques used by Web pioneers to glue together the pieces of different Web apps into new Web apps are now being supplanted by more mature and well-documented approaches. The result will help bring mashups closer to widespread reality in the user community and bring tangible business results while also helping reduce IT application backlogs in the near future (though management and governance of mashups remains a potential headache for now).

Here are the emerging standards and approaches we're tracking currently in the Web mashup space:

• OpenAjax. Initiatiated by IBM but having broad support across the industry with over 100 member companies, OpenAjax is an increasingly rich model for safely bringing in code and data from many 3rd party suppliers at design time or via live integration. The new OpenAjax Hub 1.1 standard, which includes support for SMash, the aforementioned IBM developed approach for providing data security in mashups pulling data from multiple sources on the Web and in local SOAs, looks to be a compelling option for those looking to create next generation mashups and supporting products based on well-documented standards.
• OpenSAM. A comprehensive and sophisticated set of standards and documented practices for creating mashups. OpenSAM is very advanced in that it support a wide range mashup capabilities including discovery, provisioning, branding, identity, workflow, document storage, meta-data and more. OpenSAM lists a number of existing products that implement it today and it also provides many of the look and feel standards that many users will find helpful as they encounter more and more applications built on a mashup approach.
• DataPortability.org. Not specifically intended for mashups, but offering a set of open standards that enable interoperabilty and portability of data, DataPortability.org's mantra is "existing technologies + turnkey reference blueprints + simple user story." DataPortability.org supports a laundry list of popular new open Web standards for portable data, many of which overlap with OpenSAM, including APML, openid, RSS, OAuth, and others.

These three broad initiatives around the open integration and transfer of information and Web parts are the leading players in their space and smartly build on top of the leading standards, new and emerging, in the space. While these are developing well ahead of robust support in most existing mashup tools, we can now expect that the next generation of products will address many of the issues that's preventing the developer mashup story, which has been growing by leaps and bounds in the last couple of years, from moving to the end-user world.

Is your organization looking at using mashup approaches or tools that enable them? Tell your story in Talkback below.