The Inovis Blog

If you have tried to deploy widgets behind the corporate firewall and hit a brick wall with IT, you are not alone. While consumer desktop widgets are buzzing, enterprise use of widgets has been woefully neglected. However, WidgetFX, a new widget platform designed from the requirements of large enterprise customers, may change the way your corporation approaches desktop widgets as part of your IT Governance policy.

Desktop widgets are small, interactive applications that perform frequently used functions and provide access to services on the Internet, such as news, weather, time, maps, or even stock quotes. There has been an explosion of interest in desktop widgets for the consumer space including access to popular services such as Flickr, MySpace, and YouTube. However, there has been very little movement on the enterprise front to provide equivalent desktop widgets for corporate applications.

There are a number of issues that prevent the widespread corporate adoption of widgets:

• Security Issues – Security holes and vulnerabilities have plagued all the major widget platforms, and the general lack of rigorous security has prevented the deployment of widget engines within large corporations.
• Limited Platform Support – Unlike web applications, which can be deployed seamlessly across multiple OS and hardware platforms, most of the widget frameworks are limited to a few select platforms.
• Proprietary Systems – All the major widget frameworks are closed source and proprietary. As a technology vendor, this puts you at the mercy of the framework provider who may choose to change, upgrade, or even suspend their service at any time.
• Restrictive License Agreements – Given the above issues, it should not be a surprise that several of the popular widget frameworks have specific language in their license agreements that limit or prohibit commercial use to reduce liability.

Enter WidgetFX, the first desktop widget platform designed specifically for the requirements of large enterprises.

About WidgetFX

WidgetFX is an open-source desktop widget platform built on top of Sun’s new JavaFX technology. Widgets can be written in a combination of JavaFX Script and Java to take advantage of a very rich platform for graphics, animation, and media capabilities.

Unlike the available consumer focused widget frameworks, WidgetFX was born out of the need for a sustainable corporate widget framework. In order to meet this requirement it had to address corporate security needs, provide seamless cross-platform support, and be distributed under an unencumbered open-source license.

The initial v0.1 launch of WidgetFX was very successful, with over five thousand unique visitors from ninety six different countries in only the first few days. Here is a view of the geographic diversity courtesy of Google Analytics:

WidgetFX Geographical Distribution

The current release of WidgetFX includes a fully functional widget dock and is primarily focused on widget developers to give them the tools and documentation needed to start writing widgets today. Subsequent releases are planned to continue enhancing security, performance, and end user experience in anticipation of a Fall JavaFX release by Sun.

Widget Security

While users expect the same security restrictions browsers impose on web applications, most widget frameworks give widgets equal privileges to installed applications with full access to the disk and network. Regardless of how trustworthy the company providing the framework may be, 3rd party widgets could expose sensitive passwords or corporate secrets outside the corporate firewall. For this reason many large corporations have chosen to completely disallow or severely restrict the use of widgets on their intranet as part of their IT Governance policy.

Even widgets developed by trusted corporations are subject to security holes, such as the infamous Windows Gadget RSS Exploit:

“If a user subscribed to a malicious RSS feed in the Feed Headlines Gadget or added a malicious contacts file in the Contacts Gadget or a user clicked on a malicious link in the Weather Gadget an attacker could potentially run code on the system.”

Similar security holes have plagued Yahoo Widgets with an ActiveX Buffer Overlow Vulnerability, and Google Gadgets where an XSS vulnerability allowed complete takeover of a user’s computer.

In contrast, WidgetFX has the ability to take advantage of the proven Java security model, which is based on a secure sandbox for isolating applications. Applications running within the sandbox are restricted from accessing the user’s files, changing data, or running arbitrary code. However, if a widget needs additional permissions it can request access from the user for reading a file, accessing a website, or even printing. For even greater access, a signed widget can request full permissions, but must be granted access by the user subject to their corporate security policy. This insulates the user from malicious code, and simplifies corporate governance of widgets within an enterprise.

Cross Platform Support

One of the traditional challenges of UI development is that certain user interface features are only available on a specific platform, which limits the capabilities of cross-platform toolkits. Therefore, it is no surprise that the most successful widget frameworks support only a single OS platform.

This provides challenges for corporations who want to adopt a standard for widget frameworks. Even if a corporation has standardized on Windows, they cannot deploy Windows Sidebar widgets without first upgrading all workstations to Vista.

There is an even greater challenge for corporations developing widgets, because they must rewrite widgets for each platform they need to support for their end users. Since there is no standardization across Widget frameworks, this also means retesting and certifying widgets per platform.

WidgetFX takes advantage of Java’s cross-platform support to provide a consistent user experience across Windows, Mac OS X, and even UNIX variants such as Linux and Solaris. With the release of Java SE 6 Update 10, WidgetFX will be further enhanced by features normally only available with native platform toolkits, such as translucent/shaped windows and system tray integration. Sun also plans to take the JavaFX platform mobile, which means deployment of common widgets across desktops and mobile devices is in the foreseeable future.

Open-Source Licensing

WidgetFX is licensed under the GNU Public License v3 under similar terms as the Java platform. This helps to keep the WidgetFX engine free for all companies and interested parties to contribute while also allowing development of commercial widgets for sale and distribution.

On the other hand, most of the popular consumer widget frameworks are proprietary, which restricts what you can do with them commercially. Some of the limitations you may encounter include restrictions on redistribution, lack of control over compatibility and version upgrades, and even blatant restrictions on enterprise or commercial use.

Quoting from the Yahoo Widgets terms of service:

“[Yahoo Widgets] is designed for consumer, personal use. It is not designed for enterprise, commercial, or human safety purposes. Its failure in such cases could lead to injury or damage for which you agree that Yahoo! is not responsible.”

Good luck getting your IT or legal department to approve use of a framework like this!

Summary

WidgetFX is an emerging technology for developing desktop widgets that can securely run in a corporate environment. The v0.1 release is designed to get developers started writing widgets early in anticipation of a fall launch of JavaFX technology by Sun. For more information about WidgetFX, including apidocs, tutorials, and a live application, visit WidgetFX.org.