From Web 2.0 and Enterprise 2.0 to Management 2.0
Web 2.0: Connected Users
- Users share information with easy-to-use web-based social software on the Internet
- Enabled by AJAX + SLATES
- Transforming how we share information & work together
Figure 3: SLATES, Andrew P. McAfee's new Enterprise 2.0 acronym
Appendix B: ASP.NET AJAX
Exposing Web Services to Client Script in ASP.NET AJAX
Calling Web Services from Client Script in ASP.NET AJAX
Appendix C: AJAX—A Hacker's Dream?
The warning flags are going up about the increasing use of AJAX in web applications. It seems as though we're increasing the usability of our apps while dropping our guard on security issues.
AJAX allows for a more dynamic, interactive browsing experience. This, however, increases the surface area for common types of attacks such as cross-site scripting (XSS) and cross-site request forgery (CSRF). These types of attacks are caused by an attacker injecting script code into a web page, generally via a URL, thereby allowing the attacker to control the Web browser—performing actions such as stealing user names and passwords or executing HTTP requests without the user's knowledge.
An attacker could, for instance, inject malicious script into the client by using a dynamically created <script> tag, allowing data to then be imported into the attacker's web site. In the case of a CSRF attack, the attacker could inject a script into the client, allowing the attacker to execute unauthorized service methods on another web site by using saved authentication information (such as cookies) on the client.
AJAX controls should carry warning stickers about new client-side security issues.
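The server-side counterpart to the two scenarios above (data imported through a dynamically created `<script>` tag, and service methods invoked with saved cookies) is a gate in front of every AJAX service method. The following is an added example, not code from the article or from ASP.NET AJAX; the origin, the `x-csrf-token` header name, the function names and the sample requests are all hypothetical.

```javascript
// Added example: gate for an AJAX service method (all names are hypothetical).
const ALLOWED_ORIGIN = "https://app.example.test";

// Compare strings without stopping at the first differing character.
function constantTimeEqual(a, b) {
  if (typeof a !== "string" || typeof b !== "string" || a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// req = { method, headers (lower-case keys), sessionToken (stored server-side) }
function checkServiceRequest(req) {
  const h = req.headers || {};
  // A <script src> tag can only issue GET, so the method refuses GET outright.
  if (req.method !== "POST") return { ok: false, reason: "method" };
  // A plain HTML form cannot send application/json.
  const ctype = (h["content-type"] || "").split(";")[0].trim().toLowerCase();
  if (ctype !== "application/json") return { ok: false, reason: "content-type" };
  // Assumption: clients send Origin on POST; a missing or foreign value is rejected.
  if (h["origin"] !== ALLOWED_ORIGIN) return { ok: false, reason: "origin" };
  // Cookies are attached automatically; this header must be set by our own page.
  if (!req.sessionToken || !constantTimeEqual(h["x-csrf-token"], req.sessionToken)) {
    return { ok: false, reason: "csrf-token" };
  }
  return { ok: true, reason: "accepted" };
}

// Constructed sample requests (not captured traffic).
const TOKEN = "3f9a1c77d2e04b58";
const json = "application/json; charset=utf-8";
const samples = {
  legitimate: { method: "POST", sessionToken: TOKEN,
    headers: { "content-type": json, origin: ALLOWED_ORIGIN, "x-csrf-token": TOKEN } },
  scriptTagImport: { method: "GET", sessionToken: TOKEN, headers: {} },
  crossSiteForm: { method: "POST", sessionToken: TOKEN,
    headers: { "content-type": "application/x-www-form-urlencoded",
               origin: "https://other.example.test" } },
  crossSiteJson: { method: "POST", sessionToken: TOKEN,
    headers: { "content-type": json, origin: "https://other.example.test" } },
  sameOriginNoToken: { method: "POST", sessionToken: TOKEN,
    headers: { "content-type": json, origin: ALLOWED_ORIGIN } },
};

function runSamples() {
  return Object.fromEntries(
    Object.entries(samples).map(([name, req]) => [name, checkServiceRequest(req).reason]));
}
console.log(runSamples());
```

These checks limit what a forged request can reach; they do not remove an XSS flaw in the page itself, since script already running in the page can read the token and set the header.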
Appendix D: Telephone Mashups Meet Web 2.0
Voice can add a rich new dimension to your Web applications, especially those centered on XML. With Web 2.0 and mashups on the rise, adding VoiceXML to the mix lets you pull and push web-based information to your users wherever they may roam (as long as they take their cell phones).
A telephone mashup is a voice, web, or mobile application (VoiceXML, PBX, IVR, VOIP, SMS, Text Messaging, and so forth) that combines content from more than one source to create a new user experience.
Think of your phone as a web browser, and the audio you hear as the content in your web browser. The audio comes from a communication server, which is similar to a web server. The communication server (IP PBX, IVR, VoiceXML, and so on) is where the mashup occurs.
A simple example of a mashup might be alerts from an Internet-based voicemail server that uses SMS to send notifications to the voicemail owner. The SMS message can include Caller ID info collected from a Reverse Phone Number Lookup API using the originating caller's phone number. Another example might be a Store Locator Mashup where a customer calls a company general number, provides a cross street, and is provided line-by-line driving directions to the closest store location via SMS.
Finally, a significant example of the widespread use of VoiceXML is the release of voice portal modules for CRMs from Oracle and SAP. Both are written to the VXML 2.0 spec; this allows users to choose any standards-compliant VoiceXML gateway to access the applications. (See Reference 16.)
References
1. Wikis in Plain English: http://www.youtube.com/watch?v=-dnL00TdmLY&feature=related
2. Enterprise 2.0: The Dawn of Emergent Collaboration, Andrew P. McAfee: http://adamkcarson.files.wordpress.com/2006/12/enterprise_20_-_the_dawn_of_emergent_collaboration_by_andrew_mcafee.pdf
3. Enterprise 2.0 case studies: http://www.socialtext.net/cases2/index.cgi
4. Enterprise 2.0 Technology Conference, 2007, Boston, MA: http://enterprise2conf.vportal.net/
5. Web 2.0 for the Enterprise Strategy Briefing: http://www.oracle.com/pls/ebn/live_viewer.main?p_direct=yes&p_shows_id=5828710
6. AJAX Overview: http://msdn2.microsoft.com/en-us/library/bb398874(VS.90).aspx
7. AJAX Application Architecture, Part 1: http://msdn.microsoft.com/msdnmag/issues/07/09/CuttingEdge/
8. AJAX Application Architecture, Part 2: http://msdn.microsoft.com/msdnmag/issues/07/10/CuttingEdge/default.aspx
9. Exposing Web Services to Client Script in ASP.NET AJAX: http://www.asp.net/ajax/documentation/live/tutorials/ExposingWebServicesToAJAXTutorial.aspx
10. Calling Web Services from Client Script in ASP.NET AJAX: http://www.asp.net/ajax/documentation/live/tutorials/ConsumingWebServicesWithAJAXTutorial.aspx
11. Professional Web 2.0 Programming, Eric van der Vlist et al., Wrox (2006)
12. Yahoo! Maps Mashups, Charles Freedman, Wrox (2007)
13. Professional Ajax, 2nd Edition, Nicholas C. Zakas et al., Wrox (2007)
14. Pro JSF and Ajax: Building Rich Internet Components, Jonas Jacobi, John Fallows
15. New Language of Business, The: SOA & Web 2.0, Sandy Carter, IBM Press (2007)
16. Pro Microsoft Speech Server 2007, Michael Dunn, Apress (2007)
17. Hacking Exposed Web 2.0, Rich Cannings, Himanshu Dwivedi, McGraw-Hill (2008)
18. Securing Ajax Applications, Christopher Wells, O'Reilly (2007)
About the Author
Marcia Gulesian is an IT strategist, hands-on practitioner, and advocate for business-driven architectures. She has served as software developer, project manager, CTO, and CIO. Marcia is author of well more than 100 feature articles on IT, its economics, and its management.