Ajax Friendly Data Sources
Mashup Camp 6 - March 20, 2008 Mountain View, CA
led by Mike Pittaro, SnapLogic
The purpose of this session was to initiate some discussion about data sources that are appropriate for mashup applications, especially when the consumer of those sources is on the client side, typically in JavaScript.
Although I originally hoped we could go deeper into the issues, there were enough beginners present that we spent more time discussing some of the fundamentals.
[ The title Mashup friendly data sources might be more appropriate, since use of these data sources is not restricted to Ajax applications, but I've left the title as it was originally posted. ]
Formats
We started with a short list of possible data formats to use in mashup applications.
- XML: A universal markup format, widely used for interchange.
- XHTML: The XML based version of HTML.
- ATOM: An XML based document format and protocol for publishing feeds.
- JSON: A lightweight interchange format, easily parsed and consumed from JavaScript.
- JSONP: A variation of JSON which allows cross-site callbacks.
- ASN.1: A very compact binary format, originally developed for use in telecommunications applications.
We spent some time discussing the basics of JSON, and the differences between JSON and JSONP. We also discussed the tradeoffs between XML/HTML and JSON.
In general, the consensus is that JSON/JSONP are easier to evaluate within a browser / from JavaScript, but there are security implications if data sources can't be trusted. XML is universally acceptable, but can become more complex to deal with when the XML gets complex.
Atom was in neutral territory with this group. If a source or API uses Atom / AtomPub, then that seems acceptable, but nobody was advocating its use.
I included ASN.1 because we use ASN.1 for efficiency in our inter-component communications within SnapLogic. Externally, we provide alternate representations (XML/XHTML and JSON) to consumers. Although it's not a typical client representation of data, I wanted to see if anyone else is familiar with it. It seems that on the client side, XML and JSON are the preferred formats, which is what I expected.
Security and Access control
The initial discussion here revolved around the security related to JSON and the use of JavaScript's eval(). Cross site access issues also came up. This topic has been widely discussed elsewhere, and nothing new came up.
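The eval() concern and the JSON/JSONP difference discussed above, shown as an added example that is not from the session: the payloads, function names and the callback-name pattern are constructed for illustration, and JSON.parse is the strict parser built into current JavaScript engines.

```javascript
// Constructed sample: what a well-behaved data source returns.
const goodBody = '{"title": "Mashup Camp 6", "tags": ["json", "jsonp"]}';

// Constructed sample: a source that returns JavaScript instead of JSON.
// The side effect here is a harmless flag so the difference is observable.
const hostileBody =
  '(function () { globalThis.sideEffect = "ran"; return {"title": "x"}; })()';

// Legacy pattern: eval() executes whatever the source sent.
function parseWithEval(body) {
  return (0, eval)('(' + body + ')');
}

// Strict pattern: JSON.parse accepts data only and throws on anything else.
function parseStrict(body) {
  try {
    return { ok: true, value: JSON.parse(body) };
  } catch (err) {
    return { ok: false, error: err.name };
  }
}

// JSONP: the server wraps the JSON in a call to a function named by the
// requester. A server should emit the wrapper only for a plain identifier
// (dotted paths allowed), never for arbitrary text reflected into script.
const CALLBACK_RE = /^[A-Za-z_$][\w$]*(\.[A-Za-z_$][\w$]*)*$/;

function jsonpResponse(callback, data) {
  if (callback.length > 64 || !CALLBACK_RE.test(callback)) {
    return null; // caller should answer 400 instead of emitting script
  }
  return callback + '(' + JSON.stringify(data) + ');';
}

console.log(parseStrict(goodBody));          // ok: true, parsed object
console.log(parseStrict(hostileBody));       // ok: false, SyntaxError
console.log(parseWithEval(hostileBody), globalThis.sideEffect); // code ran
console.log(jsonpResponse('handleFeed', { items: 2 }));
console.log(jsonpResponse('x);doSomething(', { items: 2 }));   // null
```

With JSONP the consumer always executes what the source returns, so the strict-parse protection only applies to plain JSON responses.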
I wanted to get a feel for what mashup builders think should be used for access control to data sources, since this is becoming increasingly important for enterprise mashup applications. There are really two related issues here:
- Access control for the data sources
- Delegation and mapping of credentials
On the access control side, there was agreement that access control is needed, but there were no strong opinions on implementation. Any HTTP authentication scheme would be enough. (It appears to me that mashup developers are used to dealing with whatever they get handed when it comes to access control.)
Delegation and mapping of credentials is a much larger discussion, and we didn't get very far with this part of the discussion. In general, a mapping is needed from the credentials of the user accessing the source to any required back-end credentials (e.g. SalesForce.com, database, etc.). There was agreement that some form of storage for the credentials would be needed, but again there were no strong opinions on what developers would like to see.


