Loading ...
Sorry, an error occurred while loading the content.

18RE: [caplet] The Mashup Problem

Expand Messages
  • Helen Wang (MSR)
    Jun 22, 2007
      This is a great topic for us to explore.
      We, from Microsoft Research, have been working on the MashupOS project. Back in March, we submitted a paper on the topic of protection and communication abstractions for web browsers. The submission is now accepted to SOSP 2007.

      I attached our submission version of the paper; we are working towards a camera-ready, final version of the paper -- so please don't distribute the paper without communicating with me first. We'd love to hear your feedback and critiques. I am particularly interested in hearing your thoughts on the "sandbox" abstraction/tag, and the "restricted service".

      Cheers,

      Helen

      > -----Original Message-----
      > From: caplet@yahoogroups.com [mailto:caplet@yahoogroups.com] On Behalf Of
      > Douglas Crockford
      > Sent: Thursday, June 21, 2007 11:48 AM
      > To: caplet@yahoogroups.com
      > Subject: [caplet] The Mashup Problem
      >
      > A recent development in web application development is The Mashup. A
      > mashup is a page that is obtaining data from multiple sources and
      > producing a useful result. A popular example is getting listings from
      > a real estate site, and applying that location data to the display
      > from a mapping site.
      >
      > Mashups are sometimes represented as widgets or gadgets. They take up
      > some visual space and cooperate to produce valuable services. This is
      > a powerful indication of the evolution of web architecture.
      >
      > The Problem comes from applications getting significantly ahead of the
      > security architecture of the browser. The browser assumes that all of
      > the components of a page are equally trusted. All scripts run with the
      > same authority and have access to all of the information and
      > connections that are available to the page. The only exception is the
      > iframe, which because of the Same Origin Policy is unable to cooperate
      > with the other components at all. The Same Origin Policy is too
      > restrictive, so developers are circumventing it by putting all scripts
      > where the Same Origin Policy does not apply. This allows mashups to
      > work, but it is dangerous.
      >
      > The Caplet Group is looking at a communications method that will allow
      > putting widgets into iframes or worker pools, and allow them to safely
      > exchange messages. This would give us a pattern for mashups which is
      > not dangerous.
      >
      > The communications method would ultimately connect all our client
      > technologies, including Flash, Silverlight, JavaFX, Yahoo Widgets, and
      > advertisements. It will also allow communication with web services
      > which conform to the method.
      >
      > The mission for this group is to recommend the interfaces and
      > mechanisms for this communication method, and to show why it will be safe.
      >
      >
      >
      >
      > Yahoo! Groups Links
      >
      >
      >
    • Show all 5 messages in this topic