Is AJAX fit to serve as spear carrier for next-generation Web technology? That question, asked by the San Diego Business Journal in March 2007, was answered by the sheer scale of the last two AJAXWorld Conference & Expos, in March (New York) and September (Santa Clara). The undisputed answer is "Yes!"
So many companies have jumped aboard the AJAX train that when we wanted to do an informal survey the other day on upcoming Web and Internet technology trends, I was able to quickly compile a list of 800 different companies that are leaving the station.
AJAX is moving toward the enterprise. Google, the company that helped light the AJAX wildfire in the first place by using it in Google Maps and Gmail, has since then released a paid version of its Web-based applications for small businesses, Google Apps Premier Edition, which relies on AJAX.
Beyond AJAX
Gmail was released on April 1, 2004, nearly a whole year before Jesse James Garrett even coined the term "AJAX." Some are already saying that Comet is the next step beyond AJAX. Chester Millisock, for example, wrote recently:
"It took ten months after the release of Gmail for AJAX to become a common technology. It took ten months for others to discover what Google was doing and to learn how to implement it themselves. It took ten months to come to the point where the programmer's brain said, "This Web app communicates with the server without refreshing the page. I like that!"
The same thing is happening all over again. Except in a short while the programmer's brain will become trained to say, "This Web app has a large amount of data that it wants to send to me. The server is continuously sending data to my browser, so it's there immediately when I ask for it. I like that!"
Using a Comet approach implies keeping a connection open between the server and each client. This allows for a "push" style of notification, whereby the server can inform the client of events asynchronously rather than wait for the client to poll for updates at regular intervals.
And some Microsoft developers, while acknowledging that AJAX is a very important piece of the puzzle, and solves many of the problems faced when creating responsive Web user interfaces, claim that AJAX isn't really asynchronous at all when it comes to HTTP requests. ("An AJAX Web request is a synchronous Web request just like any other," writes Brendan Tompkins, for example. "All AJAX solutions really are doing is using the browser's built-in threading - via JavaScript - to make multiple Web requests for you, and then updating the page when the server responds.") Tompkins' notion of "Beyond AJAX" is to use what he calls "real-life honest to goodness asynchronous method invocation on the server."
Securing AJAX
Before we worry about Beyond AJAX, though, there are many developers (and companies) who believe we should first worry about securing the AJAX apps we currently have. A world-beating pioneer of better AJAX security, Billy Hoffman, has even developed a groundbreaking one-day "Bootcamp" that will be premiered at AJAXWorld 2008 East in New York City (March 18-20, 2008).
Among other innovations, Hoffman has a whole new never-before-seen AJAX application that AJAX Security Bootcamp attendees will get to hack against, before using the app just attacked as a catalyst to lead the discussion about how to secure AJAX applications. "The audience will have probably missed some vulnerabilities in the application they just hacked and I will use that to illustrate how hard AJAX can be to QA and how to properly perform QA tests," Hoffman tells AJAXWorld Magazine.