Google Gears, a set of tools for offline Ajax applications, was
introduced today at the Google Developer Day in San Jose. Gears is
currently a browser plugin. It could ultimately be standard equipment.
The most interesting component of Gears is the WorkerPool. It allows a
script executed in it. That context is isolated in its own process.
Communication is provided in the form of JSON message passing. In its
current form, communication is constrained by the Same Origin Policy.
The Worker context is a vat. I think it would be very interesting to
apply capability discipline to the management of message passing, so
that messages can be safely and appropriately be exchanged between
widgets, gadgets, badges, iframes, other pages, other applications,
and other computers.
There is a lot of interest in Gears, and I think this is the right
moment to push it in a more secure direction.