Gross said one open standard for digital rights management is needed for this problem. "The AJAX client is insecure and there's nothing you do to get around that," Gross said.

The WS-Security specification could be used, but no one has been doing that because it is too complicated, he said. Gross also advised the audience to consider Amazon's PKI approach to security. A VPN also is a possible solution.

Flash, Gross said, is an alternative to AJAX, However, "It requires another skill set," he said.

Gross cited a disconnect between vendors and the community over AJAX. "I don't think the vendors got it. I think the community gets it," he said. There is a struggle right now over issues such as APIs, he said.

Not all the banter about AJAX was negative, however. Gross pointed out as example of of what can be done with AJAX an innovative map search Web site in Switzerland, map.search.ch, that enables users to pay for parking spaces right from the site. "This is the Web site that I like to use when saying we can build these types of apps," he said.