This is a great topic for us to explore.
We, from Microsoft Research, have been working on the MashupOS project. Back in March, we submitted a paper on the topic of protection and communication abstractions for web browsers. The submission is now accepted to SOSP 2007.
I attached our submission version of the paper; we are working towards a camera-ready, final version of the paper -- so please don't distribute the paper without communicating with me first. We'd love to hear your feedback and critiques. I am particularly interested in hearing your thoughts on the "sandbox" abstraction/tag, and the "restricted service".
> -----Original Message-----
> From: email@example.com [mailto:firstname.lastname@example.org] On Behalf Of
> Douglas Crockford
> Sent: Thursday, June 21, 2007 11:48 AM
> To: email@example.com
> Subject: [caplet] The Mashup Problem
> A recent development in web application development is The Mashup. A
> mashup is a page that is obtaining data from multiple sources and
> producing a useful result. A popular example is getting listings from
> a real estate site, and applying that location data to the display
> from a mapping site.
> Mashups are sometimes represented as widgets or gadgets. They take up
> some visual space and cooperate to produce valuable services. This is
> a powerful indication of the evolution of web architecture.
> The Problem comes from applications getting significantly ahead of the
> security architecture of the browser. The browser assumes that all of
> the components of a page are equally trusted. All scripts run with the
> same authority and have access to all of the information and
> connections that are available to the page. The only exception is the
> iframe, which because of the Same Origin Policy is unable to cooperate
> with the other components at all. The Same Origin Policy is too
> restrictive, so developers are circumventing it by putting all scripts
> where the Same Origin Policy does not apply. This allows mashups to
> work, but it is dangerous.
> The Caplet Group is looking at a communications method that will allow
> putting widgets into iframes or worker pools, and allow them to safely
> exchange messages. This would give us a pattern for mashups which is
> not dangerous.
> The communications method would ultimately connect all our client
> technologies, including Flash, Silverlight, JavaFX, Yahoo Widgets, and
> advertisements. It will also allow communication with web services
> which conform to the method.
> The mission for this group is to recommend the interfaces and
> mechanisms for this communication method, and to show why it will be safe.
> Yahoo! Groups Links