- From: Douglas Crockford <douglas@crockford.com>
- Date: Mon, 30 Oct 2006 16:04:40 -0800 (PST)
I have been looking at the mashup problem. All scripts run with the authority of the base page, so mashups are not indicated for any application containing private data or managing a private connection. That is extremely limiting. Even worse, it turns out that rich media ads are mashups. I had been thinking that the solution was to replace JavaScript with a capability language like E (http://erights.org/) and to replace the DOM with a capability DOM. I am now thinking that a far less drastic solution is required: a module facility that forms a trust boundary in the page with a communications mechanism that does not allow capability leakage. It requires no changes to JavaScript and a small, incremental change to HTML. The proposal is here: http://json.org/module.html
Received on Monday, 30 October 2006 16:04:40 UTC