A coarse-grained solution requires some sort of containment vessel for the modules or widgets or gadgets or portlets, and a conduit system which provides for...
9
Norman Hardy
fosdf
May 20, 2007 4:34 pm
I quote from the MashupOS paper from Microsoft that Doug referred us to: There is either no trust across principals through complete isolation or full trust...
10
Douglas Crockford
douglascrock...
May 20, 2007 5:34 pm
... There are lots of Ajax libraries out their. You can find some pointers to them at Ajaxian.com. The web developer selects scripts from the library and...
11
Douglas Crockford
douglascrock...
Jun 1, 2007 1:08 am
Google Gears, a set of tools for offline Ajax applications, was introduced today at the Google Developer Day in San Jose. Gears is currently a browser plugin....
12
Douglas Crockford
douglascrock...
Jun 5, 2007 3:46 pm
We now have two webvats, the HTML frame or iframe, and the Gears's worker pool. What we need next is a safe common way to let them communicate. I think that...
13
Tyler Close
tjclose
Jun 5, 2007 4:59 pm
... Typically, we don't do access control at the vat level, but at the reference level. Typically, the vat identifier is just a self-authenticating identifier,...
14
Douglas Crockford
douglascrock...
Jun 7, 2007 3:23 pm
... Naturally. One of the peculiar aspects of widget architecture is that you have multiple vats that represent a common interest, but which initially have no...
15
Douglas Crockford
douglascrock...
Jun 21, 2007 6:49 pm
A recent development in web application development is The Mashup. A mashup is a page that is obtaining data from multiple sources and producing a useful...
16
Mike Stay
staym_datawe...
Jun 21, 2007 9:06 pm
... Which method is that? Or did you mean that the group trying to come up with one? -- Mike Stay stay@......
17
Douglas Crockford
douglascrock...
Jun 22, 2007 5:11 pm
... Right. JavaScript is dependent on global variables. Because of that dependency, it is unlikely that JavaScript can ever be made secure. HTML's DOM...
18
Helen Wang (MSR)
coolwintercrop
Jun 22, 2007 5:22 pm
This is a great topic for us to explore. We, from Microsoft Research, have been working on the MashupOS project. Back in March, we submitted a paper on the...
19
Helen Wang (MSR)
coolwintercrop
Jun 23, 2007 2:00 am
Sorry that the MashupOS paper I sent out earlier was defective. Here is a better copy: http://research.microsoft.com/%7Ehelenw/papers/mashupOS03-19-2007.pdf ...
20
Ben Laurie
benlaurie2000
Jun 25, 2007 12:08 pm
So, someone created this group and subscribed me to it, which I do not object to, the idea is interesting. But I'm wondering who did that, and why? Cheers, ...
21
Marc Stiegler
marcs.skyhunter
Jun 25, 2007 2:53 pm
I would say that markm is the one who subscribed you, except, it would be out of character for markm to surprise you. It would be much more in-character for...
22
Norman Hardy
fosdf
Jun 29, 2007 9:29 pm
The protocol I spoke of is described here: (http://cap-lore.com/ CapTheory/Dist/Glass.html#introducer). It assumes two agents on the same platform and a...
23
Mark Miller
capsecure
Jun 30, 2007 8:45 pm
... Hi Ben, As far as I remember, as a moderator, I sent you a Yahoo-generated email invitation. This email msg likely contained a link for accepting the...
24
Mark Miller
capsecure
Jun 30, 2007 9:54 pm
Posted on cap-talk. I will reply on cap-talk and forward my reply here as well. Further discussion of this should occur on cap-talk, but I'll forward here any...
25
Mark Miller
capsecure
Jun 30, 2007 10:16 pm
... From: Mark Miller <erights@...> Date: Jun 30, 2007 3:14 PM Subject: Re: [cap-talk] The Caplet Group To: "General discussions concerning capability...
26
Douglas Crockford
douglascrock...
Jul 2, 2007 5:59 pm
Let's look at some cases. Case 1. Pirate.net has a page with an iframe from penzance.org. The penzance widget is willing to talk to anything, and so is...
27
Douglas Crockford
douglascrock...
Jul 2, 2007 6:03 pm
Please excuse the misspelling of pinafore in the previous message....
28
David Hopwood
david.hopwood@...
Jul 10, 2007 10:06 pm
... # Communication is restricted only to JSON text. JSON text allows exchange # of simple or complex data structures without the capability leakage that #...
29
Douglas Crockford
douglascrock...
Jul 12, 2007 4:43 pm
... exchange ... leakage that ... The parseJSON method is available at http://www.json.org/js.html It will be standard equipment in the next edition of...
30
David Hopwood
david.hopwood@...
Jul 12, 2007 5:03 pm
... That's good. I still think that exchanging deep-copied objects directly would be more convenient. It also allows immutable objects to be shared between...
31
Douglas Crockford
douglascrock...
Jul 12, 2007 5:30 pm
... Exchange of strings between vats is safe because strings are immutable and do not carry capabilities to things like Object and Object.prototype. JSON...
32
David Hopwood
david.hopwood@...
Jul 13, 2007 1:48 am
... I see that even that page says: # To convert a JSON text into an object, use the eval() function. before pointing out why you shouldn't do that. It should...
33
Douglas Crockford
douglascrock...
Jul 13, 2007 2:46 am
... String, ... Congratulations on discovering a design flaw in JavaScript. Welcome to my world....
34
Tyler Close
tjclose
Jul 16, 2007 8:03 pm
... Actually, I'd prefer to pass in a function that is given the opportunity to convert the value to one that does have a JSON representation. For example,...
35
Jon Ferraiolo
jon_ferraiolo
Jul 17, 2007 11:18 pm
I have three things to report that might be of interest to this mailing list. First, IBM Research has developed an approach called SMash whose goal is to ...
36
Douglas Crockford
douglascrock...
Jul 19, 2007 4:33 pm
We have the Mashup, which is the most interesting innovation in programming in years. But as practiced in the web browser, it is insecure. There is a clear...
37
Freeman, Tim
timothy_free...
Jul 19, 2007 8:59 pm
... That would be a good way to avoid the latency, if it works. Does anyone know what sort of functionality can be delivered that way? ... Tim Freeman Email:...
