AJAX: Great Stuff, Why Now?

4 September 2005

Those into web applications have no doubt heard the buzz of late on Asynchronous JavaScript and XML (AJAX), an approach to web development that focuses on harnessing the existing client side processing capabilities of modern browsers. In short, a larger portion of web application code, typically JavaScript, can be downloaded to and executed on the client machine. Further, the client code leverages the XMLHttpRequest object built in to most browser engines to communicate with the server in the background using XML and HTTP.

The most compelling reason for using the AJAX technique is that it enables a more fluid user experience. In other words, the user is not constantly interrupted to jump to a new page. Thus, with the understanding that client processing is far less expensive than network communication, the AJAX approach allows web applications to behave more like desktop applications.

As more and more code moves from server to client, however, intellectual property vulnerabilities may become an issue. Of course, this is very specific to the organization responsible for the application. If the organization is driving an open source effort or primarily focused on providing a service that is coupled to hosting infrastructure, exposing the client application may not be as much of an issue. On the other hand, if the corporate advantage resides in the client application, depending on customer audience, intellectual property exposures should be evaluated. Preventative measures can be taken through JavaScript obfuscation and potentially the future development of JavaScript security standards. Further, for very large applications, the amount of code downloaded to the client machine may pose interesting performance challenges. Could we use AJAX precepts to download more AJAX precepts?

Overall, I am very excited to see the improvement of the user experience in web applications. One parting question: what has changed recently to cause the flurry of AJAX activity? Was it the acronym itself? These technologies have been around since 1998. Why haven't application infrastructures and tools been maturing over the years? Possibly more importantly, is there a technology out there now that will raise similar questions seven years from now?

By Aaron Dunnington