BluePrints for AJAX Applications
Project lead for jMaki
Conventional web: server manages entire view, lots of XML, browser is a dumb terminal. From 2005, Ajax appeared. Challenges we face today: multiple scripting languages, service-driven widgets, controlling access to services, security risks, performance.
- modern MVC design
- RESTful JSON services
- JSON for data exchange
- rendering library
On the client: use true JSON (Crockford) json.js; use pub-sub bus for inter-component comms; verify all inputs on the client (use a script to avoid injection attacks); don't take script from strangers (maybe malicious, more likely may have their own security holes); avoid browser detection; use namespaces.
On the server: use a light RESTful architecture; keep session state to minimum; manage access to services (use API keys); use server to access and convert to JSON/JSONP/XML; set correct headers.
Consider a library for generating correct JSON more easily. json.org Java, or G-JSON (?).
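To make the server-side advice concrete, here is an added sketch (not from the talk and not jMaki code) of a service reply that checks an API key, serializes with the JSON library, validates the JSONP callback name and sets headers to match the body. The key store, the `apikey` and `callback` parameter names and `buildResponse()` are assumptions made for the example.

```javascript
// Added example, not jMaki code. The key store, parameter names and
// buildResponse() are hypothetical.
const API_KEYS = new Set(["demo-key-123"]); // constructed sample key

// Accept only dotted identifiers such as "cb" or "app.handlers.onData".
const CALLBACK_RE = /^[A-Za-z_$][\w$]*(\.[A-Za-z_$][\w$]*)*$/;

function reply(status, type, body) {
  return {
    status,
    headers: {
      "Content-Type": type + "; charset=utf-8",
      "X-Content-Type-Options": "nosniff", // stop browsers guessing another type
    },
    body,
  };
}

// Serialize with the JSON library, then escape characters that are valid in
// JSON but unsafe if the text ends up inside a <script> block.
function safeJson(data) {
  return JSON.stringify(data)
    .replace(/</g, "\\u003c")
    .replace(/\u2028/g, "\\u2028")
    .replace(/\u2029/g, "\\u2029");
}

function buildResponse(query, data) {
  if (!API_KEYS.has(query.apikey)) {
    return reply(403, "application/json", safeJson({ error: "invalid API key" }));
  }
  if (query.callback === undefined) {
    return reply(200, "application/json", safeJson(data));
  }
  const cb = query.callback;
  if (typeof cb !== "string" || cb.length > 64 || !CALLBACK_RE.test(cb)) {
    return reply(400, "application/json", safeJson({ error: "bad callback name" }));
  }
  // JSONP is script, so it is labelled as script rather than as JSON.
  return reply(200, "application/javascript", cb + "(" + safeJson(data) + ");");
}
```

The function returns a plain `{status, headers, body}` object so it can sit behind any HTTP framework.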
Choosing library - overview of various choices. They all have advantages.
The presentation jumped about a bit. I'm not quite sure what the presenter's take-home message was supposed to be. I'll probably spend some time looking at jMaki later though.