We now have two webvats, the HTML frame or iframe, and the Gears's worker pool. What we need next is a safe common way to let them communicate. I think that...
... Typically, we don't do access control at the vat level, but at the reference level. Typically, the vat identifier is just a self-authenticating identifier,...
... Naturally. One of the peculiar aspects of widget architecture is that you have multiple vats that represent a common interest, but which initially have no...
A recent development in web application development is The Mashup. A mashup is a page that is obtaining data from multiple sources and producing a useful...
... Right. JavaScript is dependent on global variables. Because of that dependency, it is unlikely that JavaScript can ever be made secure. HTML's DOM...
This is a great topic for us to explore. We, from Microsoft Research, have been working on the MashupOS project. Back in March, we submitted a paper on the...
Sorry that the MashupOS paper I sent out earlier was defective. Here is a better copy: http://research.microsoft.com/%7Ehelenw/papers/mashupOS03-19-2007.pdf ...
So, someone created this group and subscribed me to it, which I do not object to, the idea is interesting. But I'm wondering who did that, and why? Cheers, ...
I would say that markm is the one who subscribed you, except, it would be out of character for markm to surprise you. It would be much more in-character for...
The protocol I spoke of is described here: (http://cap-lore.com/CapTheory/Dist/Glass.html#introducer). It assumes two agents on the same platform and a...
... Hi Ben, As far as I remember, as a moderator, I sent you a Yahoo-generated email invitation. This email msg likely contained a link for accepting the...
Posted on cap-talk. I will reply on cap-talk and forward my reply here as well. Further discussion of this should occur on cap-talk, but I'll forward here any...
... From: Mark Miller <erights@...> Date: Jun 30, 2007 3:14 PM Subject: Re: [cap-talk] The Caplet Group To: "General discussions concerning capability...
Let's look at some cases. Case 1. Pirate.net has a page with an iframe from penzance.org. The penzance widget is willing to talk to anything, and so is...
... # Communication is restricted only to JSON text. JSON text allows exchange # of simple or complex data structures without the capability leakage that #...
David Hopwood
david.hopwood@...
Jul 10, 2007 10:06 pm
29
... exchange ... leakage that ... The parseJSON method is available at http://www.json.org/js.html It will be standard equipment in the next edition of...
... That's good. I still think that exchanging deep-copied objects directly would be more convenient. It also allows immutable objects to be shared between...
David Hopwood
david.hopwood@...
Jul 12, 2007 5:03 pm
31
... Exchange of strings between vats is safe because strings are immutable and do not carry capabilities to things like Object and Object.prototype. JSON...
... I see that even that page says: # To convert a JSON text into an object, use the eval() function. before pointing out why you shouldn't do that. It should...
David Hopwood
david.hopwood@...
Jul 13, 2007 1:48 am
33
... String, ... Congratulations on discovering a design flaw in JavaScript. Welcome to my world....
... Actually, I'd prefer to pass in a function that is given the opportunity to convert the value to one that does have a JSON representation. For example,...
I have three things to report that might be of interest to this mailing list. First, IBM Research has developed an approach called SMash whose goal is to ...
We have the Mashup, which is the most interesting innovation in programming in years. But as practiced in the web browser, it is insecure. There is a clear...
... That would be a good way to avoid the latency, if it works. Does anyone know what sort of functionality can be delivered that way? ... Tim Freeman Email:...
Tyler's "Bang Tutorial" <http://waterken.sourceforge.net/bang/> is the right place to start to understand the Javascript library used on the client to talk to...
The Waterken server is itself built in Joe-E and provides distributed capability-based interaction for Joe-E objects via an https/json based crypto capability...
The Waterken server itself can be downloaded from http://sourceforge.net/projects/waterken/ The core of the Javascript library that provides the API for...