15The Mashup Problem
- Jun 21, 2007A recent development in web application development is The Mashup. A
mashup is a page that is obtaining data from multiple sources and
producing a useful result. A popular example is getting listings from
a real estate site, and applying that location data to the display
from a mapping site.
Mashups are sometimes represented as widgets or gadgets. They take up
some visual space and cooperate to produce valuable services. This is
a powerful indication of the evolution of web architecture.
The Problem comes from applications getting significantly ahead of the
security architecture of the browser. The browser assumes that all of
the components of a page are equally trusted. All scripts run with the
same authority and have access to all of the information and
connections that are available to the page. The only exception is the
iframe, which because of the Same Origin Policy is unable to cooperate
with the other components at all. The Same Origin Policy is too
restrictive, so developers are circumventing it by putting all scripts
where the Same Origin Policy does not apply. This allows mashups to
work, but it is dangerous.
The Caplet Group is looking at a communications method that will allow
putting widgets into iframes or worker pools, and allow them to safely
exchange messages. This would give us a pattern for mashups which is
The communications method would ultimately connect all our client
technologies, including Flash, Silverlight, JavaFX, Yahoo Widgets, and
advertisements. It will also allow communication with web services
which conform to the method.
The mission for this group is to recommend the interfaces and
mechanisms for this communication method, and to show why it will be safe.
- Next post in topic >>