They're all the rage in the Web 2.0 crowd: mashup services that typically combine maps with all sorts of data from a variety of Web sources. In the past year, we've seen a host of much-discussed sites pop up, from Zillow.com for real-estate value estimation, to AuctionMapper, which presents eBay search results on maps to help locate the nearest sellers.
Mashups aren't just sexy, they're useful for business. Their easy integration of data and services should enable a whole new class of enterprise apps, if IT can look past the hype.
Mashups are more than just annotated maps for consumer Web sites. The technology holds real promise for the enterprise, both within companies and among customers and partners. Because mashups use technology that you already have -- JavaScript, XML, and DHTML, plus fast Internet connections to support graphical and functional richness -- there's no huge investment required. IT is starting to take mashups seriously as quick, easy solutions to integration problems that previously seemed like a daunting amount of work.
This sort of lightweight integration has plenty of precedent, from the time-honored stock ticker, to e-commerce sites that combine UPS or FedEx tracking data with an order history to present a single view of order status. Inside the enterprise, portal server vendors, including IBM and Plumtree, have long offered users graphical tools to integrate data sources "at the glass," resulting in simple, personalized Web apps.
"What's different now is the availability and the ease-of-use," says Giovanni Gallucci, president and COO of Kinetic Results, which specializes in search engine optimization and Web analytics. "That's because a lot of the APIs are built on common standards."
Kinetic Results has created mashups using Web traffic and other analytics data to create visual reports for customers. Other adopters include aircraft engine maker Pratt & Whitney, which uses mashups to give employees access to the repair, order, and service history for any part, integrating a half-dozen data sources. And real-estate brokerage Zip Realty uses mashups to integrate client data from the CRM system within agents' e-mail, allowing them to view reports of current property matches from e-mail alerts.
Everything old is new again
For years, Web apps have dominated in-house enterprise development efforts, so integrating multiple data sources into interactive Web pages behind the firewall is nothing new. But runaway adoption of AJAX (Asynchronous JavaScript and XML) is changing the game. "What sets off the lightbulb [in developer's minds] is that you have this ubiquitous platform where you can integrate components without custom applications," says Ross Dargahi, co-founder and vice president of engineering at Zimbra, a developer of AJAX-based e-mail and collaboration tools.
Moreover, as more enterprise and service providers adopt Web technologies, a broader swath of data is available in XML form. "In the past, half the work was how to make these things work together. With XML and so on, that's old hat," Gallucci says.
The tipping point was clearly when Google published its Google Maps API, says Aaron Tavistock, chief architect at Zip Realty. "Google has put a lot out to seed the mashup concept, telling developers, 'Here, use this.' Before that, the openness hadn't been there."
Graphical richness has been the big draw, says Zimbra's Dargahi. "Historically, Web apps have been very thin, so IT loves them because they're easy to deploy. But users don't like them because they are clunky and not as capable as desktop apps. AJAX lets you provide that rich interface for thin Web apps. What captures people's imagination is the client, the presentation -- but the power is the information being available through these APIs," he adds.
SOA made sexy
With the widespread adoption of Web standards, "information access has become that much easier," says Dan Gisolfi, an IBM IT architect who's evangelizing mashups to enterprise customers. "Not only does it use the Web 2.0 tools, but it brings together disparate services and behaviors."
Newer, more complex technologies from the SOA and Web services worlds -- such as SOAP, WSDL, and REST (Representational State Transfer) -- can also be part of mashups, Gisolfi argues. In a sense, mashups are the simplest form of SOA-based application. "Mashups fit very nicely around the concept of a service-oriented enterprise," concurs Shane Pearson, vice president of marketing at BEA Systems.
Or as Jason Bloomberg, senior analyst at consultancy ZapThink, puts it: "They're the sexy part of SOA."
"Look around. You probably already have some mashups in place," even if you don't use that label, says BEA's Pearson.
For example, Pratt & Whitney developed its first mashups four years ago, using the term "info center" for these composite applications that used the technologies now associated with mashups, notes Colin Karsten, manager of business process solutions at the company. They were a natural outgrowth of first Web service and then SOA explorations, applying the same principles of modularity and standard interfaces to discrete projects.
If your enterprise isn't pursuing an SOA strategy, that might change after a few mashups are demoed. "Mashups expose the need for SOA," IBM's Gisolfi says. When decision makers see quick and easy consolidation in a single Web page of data and functionality normally spread across several apps, the benefits sell themselves.
Managing sources and services
The end result may be attractive, but the relative ease with which mashups can be created carries a certain degree of inherent risk. Typically, little more than JavaScript skills are required, and toolkits that ease the development process such as Tibco General Interface Builder and Backbase are proliferating. "That's why you'd better have a way for IT management and control," advises Joe Kraus, CEO of JotSpot, which hosts wikis for business users.
ZapThink's Bloomberg agrees. "The last thing a manager wants is for employees to assemble composite applications willy-nilly, with no controls in place or visibility by management. That's an accident waiting to happen."
One issue is the integrity of data external to the enterprise. FedEx and Google may be trusted, but more and more businesses are publishing XML APIs available to the Web at large. "Common sense says you should be careful with whom you integrate," Zimbra's Dargahi says.
Kinetic Results' Gallucci expects businesses with established partnerships to adopt the mashup approach as a way to exchange information and better integrate processes. In this case, the external data provider is an organization with which you already have a trust-based relationship. An obvious example would be mashup dashboards across members of a supply chain, using data feeds from various members to provide a common view. He expects early intercompany mashups to be created informally as test cases by project developers or business analysts. "Once they see it working, they can push it up the food chain and make it formal," he says.
Zip Realty takes this approach, Tavistock says. "We feel more comfortable with formal licensing arrangements," he says, and thus licenses Google Maps and MapQuest data for its mashups. "If it's not a core feature, we might be willing to use something that's not under a formal relationship," he notes, such as a data source made freely available a la the open source model.
IBM's Gisolfi believes that control will be hard for most enterprise IT departments to maintain, especially as mashup tools designed for nontechnical users emerge. Under those circumstances, he says IT will have to educate business departments on the need to get formal licenses with external providers whose information is used for ongoing business purposes.
Governance also comes into play for internal data sources, to ensure that confidential information is not inadvertently shared. This requires good governance in the form of policies, access management, and at least spot-checked approval. "For example, a business analyst has the right to mashup the call center screens, but a customer service rep does not," ZapThink's Bloomberg says. Over time, he expects mashup development tools to help enforce access and use policies, allowing IT to set the policies and less technical staff to assemble mashups based on their roles. But in the meantime, "you can only tell them what to do and get on their case if they don't."
Mashup governance goes beyond policies, Bloomberg notes. "Part of the challenge for IT is to build the right services at the right granularity," he says, so that mashup assemblers aren't tempted to go around IT. The use of external services and data sources should be treated the same way, vetted by IT -- and perhaps the legal department -- and made available in a sanctioned repository.
A Pandora's box?
Because mashups are easier to create than many traditional applications, they might not get the same scrutiny for security, JotSpot's Kraus warns. "A lot of these apps rely on JavaScript, which has too many leaks. Randomly installing external mashup components is dangerous -- you don't know what the apps will do, given that users want to mix and match what's interesting to them by using third-party resources."
Although IT may understand the security issues related to JavaScript or other technologies underlying mashups, it's too early to tell precisely what the new risks are. "We don't yet know enough about mashup security issues," says IBM's Gisolfi, so there are no clear security best practices for mashups.
Although attractive for lightweight, rapidly developed apps, mashups also have obvious limitations. "Mashups make sense for 80 percent of noncritical IT processes and logic," suggests Stefan Andreasen, co-founder and CTO of Kapow Technologies, which creates products that convert any Web-accessible information into standards-based forms that can be used in portals and mashups. "But no company would rely on a lightweight model [such as mashups] for critical information." So IT should pay attention to where mashups are used, so they don't creep into such business-critical areas.