Ajax bring end user and developer close
- Ajax is a method by which developers bring end users closer to interfaces being exposed by Service Oriented Architectures. The push to create loosely coupled service-based architectures is a promising idea with many benefits in enterprise environments. As more of these service-based “endpoints” become developed, and as Ajax introduces the ability to push more sophisticated processing to the end user, the possibility of moving away from the standard three-tier model arises.
Typically, many web services within an enterprise (as opposed to on the Internet overall) were designed for B2B, and therefore designers and developers often did not expect interaction with actual users. This lack of foresight lead to some bad security assumptions during design. For example, the initial designers may have assumed that authentication, authorization and input validation would be performed by other middle tier systems. Once one allows “outsiders” to directly call these services through the use of Ajax, an unexpected agent is introduced into the picture. A real-life example of such usage is the consistent pitch from Microsoft to use Atlas hand-in-hand with web services. Developers can now write JavaScript to create XML input and call the web service right from within the client’s browser. In the past this was achieved through service proxies at the server.