- Let's look at some cases.
Case 1. Pirate.net has a page with an iframe from penzance.org. The
penzance widget is willing to talk to anything, and so is receptive to
messages from the pirate page. This looks pretty easy.
Case 2. Penzance.org has several widgets on the pirate page. Some of
them come from penzance.org, and some from sister site penifore.com.
These widgets want to communicate and mashup with confidential
information, but do not want to allow the pirate page to intercept or
Perhaps there are two facets, a public facet that pirate.net is
allowed to have, and a private one that is only for trusted relationships.
Then there is a discovery problem. How do the penzance and penifore
widgets get introduced if pirate.net is not trusted to do the
introductions? They could do the introduction through their servers,
but that is really inefficient. Is there a safe way that they can
discover and introduce each other strictly on the client side?