22-09-2008 My presentation on Oracle Open World 2008
In this presentation the possibilities and (dis-) advantages of using Oracle Application Express in combination with MashUps are discussed
Sogeti Nederland B.V. Complex A lot going on, different areas web 2.0???? "Your application is not alone“ Bachground information Presentation of a 'TagCloud' filled with all relevant today's webdevelopment terms. This way it is illustrated what a dynamic and interesting world webdevelopment is. ApEx also is part of this webdevelopment world and can benefit of all what is going on! Purpose of this, the webapplication those not stand alone and with the continuesly development of all sorts of api's there are possibilities to integrate, mashup the webapplications!
Sogeti Nederland B.V.
Sogeti Nederland B.V. Bachground information This section is to clearify what is meant by a MashUp. In this part of the presentation i will try to give an answer to what is a Mashup, what sorts/genres a there en which Online Resources, MashUp tools are avaliable today (Dapper, Yahoo Pipes) Metafoor – Martini, Shaken Not Stirred - Combine – Gin (sometimes Vodka), Dry White Vermouth (Or Sweet Red Vermouth) with Lemon (Or Olives) - Combine it, Shaken (could be stirred, but Shaken is prefered ;) - Presentation! Parts What is it. Mixing of data and functionality of more then one resource Genres News, search&shopping, video&photo, mapping (coding) Examples News – Google News Online Resources You can create you’re own Dapper, yahoo pipes
Sogeti Nederland B.V. Different Genres for MashUps can be distinguised - News, (combining multiple new source in single view, most common) - search&shopping (vergelijksites, search in multiple online stores) - video&photo (facebook, flickr search and combine multiple photo’s of single object – check M$ PhotoSynth - mapping / Google Maps, M$ Virtual Earth - online Tooling - (coding)
Also online tooling, how to create your own mashUp, easily - Dapper, screenscraper - Yahoo Pipes (combine multiple sources) - Popfly Sogeti Nederland B.V.
Sogeti Nederland B.V. Enrichment because you get actual content (for free) with less effort to keep it up2date By using mashups right, reuse and classification of usefull resources is the goal, which will lead to higher user experience, information otherwise looking for, now presented to them, filtered and sorted by the whole user-community! Benefit of the use of data and functionality from others (Google News) Lots of open-source initiatives
Sogeti Nederland B.V. Why the combination with ApEx? - ApEx is a fully RAD Web development framework - Extendible with other web technologies (eg. javascript libaries) - XML power of Oracle XML Db and lots of other oracle-db specific benefits - Out of the box WebService capacity in the ApEx Framework, it can - Extendable Different techniques - Webservices (SOAP/REST) - XML - JavaScript (AjAx) - JSON - API Standards - RSS - ATOM - SOAP / REST - WS-standards
Sogeti Nederland B.V. The possibilties for MashUp technology with ApEx came to me, with the demonstartion of the Packaged Apps Examples - Online Store - Youtube integration - RSS viewer - Google Maps - Yahooo Pipes example of Patrick Wolf - currently blogposts about twitter examples Based on this, I saw some professional potential for this and tried to work this out with “Mashing up” the Sample Application - Amazon example (webservices) - Customer details (Flickr photo’s GoogleMaps, JavaScript - Live demonstration, (view all customers in maps) How about developing with webservices in ApEx
Example of how to enrich your application by using mashup Shows sampleApp Get additional information from Amazon Mashup, where all product information is shown Sogeti Nederland B.V.
Example of how to enrich your application by using mashup Shows sampleApp - Customers Get geographical information from Google Maps Get additional information / pictures from Flickr Mashup, where all customer information is shown Sogeti Nederland B.V.
Sogeti Nederland B.V. Of course there are some issues you have to be aware of when using these technologies. Since you are integrating and thereby counting on an third partythere are issues like - availability - quality of service - security - legal? Demonstration of security issues??? Next to this trust also some application security threads are to be addressed, think about Cross Site Scripting (XSS), where it is possible it reaches your application with the Mashup and Cross Site Request Forgery (CSRF, pronounce as CSurf.) Cross-Site Scripting (XSS) XSS is a common attack in which an attacker injects a malicious piece of code into an otherwise benign site. The two basic types of XSS attacks are: - Reflected XSS A reflected XSS attack exploits vulnerable Web applications that display input parameters back to the browser without checking for the presence of active content in them. Typically, an attacker lures victims into clicking on the URL, as shown in Listing 2: - Stored XSS The stored XSS attack has become more important with the prevalence of Web 2.0. Web 2.0 promotes sharing, interaction, and collaboration among people, so users have more chance of seeing other (potentially malicious) users' input through services such as social network services (SNS), wikis, or blogs. In either case, input value validation and sanitization are the key to preventing XSS attacks!!! CSRF and JSON Hijacking Understanding the Effect of Attacks Now that you know how attackers get their code into applications, let's consider the implications of some of these common attacks. - Stealing Cookies or Passwords - Stealing Keyboard Events with a Key Logger - Inserting Wrong Information Stealing JSONP Messages How to Prevent - Input Validation - Secure the Use of JSON - Use <iframe> When Integrating Distrusted Contents (no access to full DOM page)
Sogeti Nederland B.V.
Sogeti Nederland B.V.
Sogeti Nederland B.V. In music there is term called 'quodlibet'. It was thought up in the 16th century and describes a piece of music which combines several different melodies after each after to create a new song. You are literary &quot;quoting&quot; melodies. So if we were to represent this SQL it would look like this. One of the styles for the quodlibet is called a simultaneous quodlibet. This is when two or more pre-existing melodies are combined. Nowadays we would call this a medley.
Sogeti Nederland B.V. With the advances in technology last century the possibilities with music grew exponentially. [Verder uitdiepen met bv..] 60’s the taperecorder, 70’s vinyl 80’s samplers 90’s digital editing on your own pc We could now not only use the melody, but the actual sound of a song. Or a part of a song. This became very populair in the underground rap and rock. A nice example of this is… Walk this way.. H ere we are taking a record by Aerosmith and replacing Steve Tyler’s vocals with RunDMC rap. When this started most of the songs were unofficially bits of allready released songs. Hence the name bastardpop.
Sogeti Nederland B.V. Offcourse, today there is more possible with our pc’s. We can not only MashUp audio, video, but all media.. Even Web applications…, data and functionality!
Sogeti Nederland B.V. Google News actually a very succesfull mashUp - Google News VP estimated in July an extra revenue of $100 mln (No advertising, because of the use of third party resources)
Sogeti Nederland B.V. Thanx to Dimitri, A real ApEx News MashUp, combining all blogpost made by the ApEX Community
Sogeti Nederland B.V. My own favourite RSS/Atom Reader!
Sogeti Nederland B.V. Yahoo! Shopping Search for all sorts products in all sorts of online shops! -Also offering a WebService, so you can build youre own And much more…
Sogeti Nederland B.V. PhotoSynth Share and combine pictures of same object, beautiful multiple picture views !
Sogeti Nederland B.V. FlickrVision World view of new uploaded pictures on Flickr
Sogeti Nederland B.V. Use of amazon’s webservice API - Additional productdetails - Customer Ratings - ProductImage Feature that made Amazon unique ”customers also recommend …”, would that be an idea? Live Demonstration of How to build this in ApEx! An example of a serverside mashup, using webservice/soap calls
Sogeti Nederland B.V. Use of Google Maps javascript API and dapper, based on flickr Additional photo information about person Map / Location An example of a clientside mashup, using AJAX and Google JavaScript API