Development Associate with SitePen
Kris Zyp is a research and development associate with SitePen, a forward-thinking company that is committed to building and enhancing the open web. He represents the Dojo foundation on the EcmaScript 4 committee. Kris is the lead developer of the Persevere project and the JSON Schema format. He is actively researching and developing technologies in Ajax REST client/server architecture, JSON-RPC, JSONPath, JSON Referencing, and JavaScript persistence. He is also a contributor to Comet Daily and is working on RESTful HTTP Comet approaches.
Presentations
JSON SOA-based Client/Server Application Development
In this session we look at how we can use the tools of JSON web services, including Service Mapping Description (SMD), to quickly integrate JSON sources and rapidly develop applications using decoupled services for scalable, high-performance, standards-based client/server applications. We show how to use the Dojo library to easily connect to web services and build client/server applications.
We will see a demonstration of creating an application using Dojo by quickly plugging in dojo.data storage and dojo.rpc service components and using standard REST and JSON-RPC communication with a Persevere storage and JavaScript server. JSON-based storage and RPC services can easily be wired to client-side code with SMDs, and we will see how Comet capabilities can easily be included to provide real-time views of data as well. Using open service definitions and standards-based data communication allows client and server components to be easily interchanged without client/server lock-in. We will examine scalability benefits of using JSON REST services and RESTful application state management. We will also look at best practices for security and access control in developing web client/server applications.
Secure Mashups
This session will cover emerging technologies for secure cross-site mashups. We will look at new transport technologies including W3C's Access Control for Cross-site Requests, HTML 5's postMessage API, and Microsoft's XDomainRequest, see how to leverage these new features, and see how we can combine these new security mechanisms with the new dojox.secure framework.
We will also look at fall-back strategies that use existing browser technology like JSONP with subspace sandboxing, fragment identifier messaging, and proxied requests. Next, we will examine how to properly authenticate and authorize resource access in cross-site environments without compromising security using techniques such as explicit token authorization, double cookie submission, and OAuth, while avoiding security pitfalls like JSON hijacking. Then, we will look at emerging techniques for safely executing untrusted code from widgets and advertisements without security vulnerabilities using new JavaScript subsets like Google Caja and ADsafe. Finally, we will see how we can bring this all together to securely build mashups and load widgets, APIs, and data from other domains using the new dojox.secure module.
Persistent Computing on the Web with JSON Schema and Referencing
With the emergence of JSON Schema and Referencing conventions, there is new potential for true distributed computing paradigms in the web by leveraging portable type definitions in combination with persistence and referencing techniques. These capabilities can be brought together for a powerful new paradigm of interoperable data and web services with coherent remote method interaction using JSON-RPC. We will see how applications can be expressed as portable persisted object graphs, and how referencing capabilities can provide a foundation for cross-site persisted object graphs and well-defined distributed applications. Mashups can be built with higher levels of coherency in a distributed persistent environment.
JSON Schema provides portable typing definitions that can be used to auto-generate layouts, forms, and other UI components. It also provides a contract for type correctness that can be validated to ensure greater levels of reliability and safety in multiple system interactions. Combining JSON Schema with referencing provides a high level of type expressibility, a superset of the type expressibility of most languages. JSON Schema with referencing also heavily utilizes the concept of shared definitions, leaning on microformats, for highly interoperable data structures that can be meaningfully passed to different agents. When combined with persisted methods, JSON Schema can also be used as a typing construct for JavaScript.
Applied JSON: HTTP REST, Ajax databases and beyond
In this session, we will examine several powerful forms of JSON including REST JSON, JSPON, and JSONPath, to achieve powerful capabilities with JSON. We will explore the capabilities of Ajax-accessible REST databases. The dynamic nature of non-relational databases can provide significant benefit in rapidly developing applications, and providing JavaScript object persistence. Client-side code can directly participate in database interaction with systems like CouchDB, Persevere, and ActiveResource.
We will learn how to interact with these simple interfaces and how to use JSONPath as a query language for JSON data stores. We will see how these dynamic databases utilize JavaScript on the server for a consistent client/server JavaScript environment. We will also look at how Ajax databases affect security and provide an infrastructure for more secure web applications.
JSON Referencing conventions will also be covered as a mechanism for further expressing duplicate, circular, and cross-site referencing. There will also be a demonstration of using the Persevere open source tools to utilize these extensions to provide RESTful storage and server side JavaScript.