- From: Dimitri Glazkov <dglazkov@chromium.org>
- Date: Wed, 9 Mar 2011 16:30:28 -0800
- To: public-webapps <public-webapps@w3.org>
Greetings, fellow Web-Platform-o-nauts, Summary: We need a proper Isolation Model for the Web. Component Model ain't it. Art's email prodded me to condensate some of brain ether accumulated while looking at the use cases. Here's some for ya. After a productive discussion with the Caja folks and some soul-searching, it appears that we should stay away from attempting to conflate isolation properties (such as origin restrictions or bullet-proof DOM membranes) from the component model properties (such as encapsulation and behavior attachment). >From the perspective of the component, the isolation is unfairly punishing -- you can't use the outside DOM or even DOM element on which you're hoisted, you can't add methods to it, and you have to always imagine the membrane in order to build a proper mental model of what the heck you're trying to accomplish. >From the perspective of the document, the isolation is too fiddly: it's rare that the level of isolation at the _individual_ component level is what's actually necessary. More likely, the isolation scope extends over a set of controls, a theme or just a pile of code. Having components isolated independently is unnecessarily complex and difficult to manage. Isolating components in bunches (a-la XBL documents) is also suboptimal, because it conflates modularity of controls with isolation boundaries. Moreover, after looking at Caja primitives, it was easy to surmise that as long as the component model API has a sound (i.e. non-crazy) design, its security/isolation can be: a) teased apart cleanly from the requirements of the component model; b) spec'd and implemented separately. This means that use cases http://wiki.whatwg.org/wiki/Component_Model_Use_Cases#Using_Shadow_DOM_Boundary_for_Isolation are not going to be addressed by the component model alone. However, it does _not_ mean that we shouldn't prioritize development of a proper isolation model. We merely should recognize that isolation and encapsulation are two different things. :DG<
Received on Thursday, 10 March 2011 00:30:57 UTC