Security and capability services

Please forgive the title, I honestly didn't know what to write and that was
the best I could come up with.  Bear with me while I try to explain.

We have so many new things floating around: workers, sandboxed iframes,
etc, etc - and we have so many new capabilities "down there" but one thing
still seems kind of elusive and I think I'd like to bring it to TAG and
see if anyone is interested in discussion.

Essentially - none of these appears to be able to create a safe, real first
class citizen that can effectively sandbox and communicate in a really nice
way about capabilities.

Let me provide one simple example:  Imagine that I wanted to start
providing some common kind of data which might be usable by lots of
different sites or apps.  For example, a TODO list or a calendar.  Today,
I'd build a RESTful service and then expose JSON to everyone from a
fictional "todos-list.io" - maybe with some additional headers for security.

That's good, don't get me wrong, but I might have a view on this data as a
widget in my gmail and another in some extension which gives me extra nice
UI sugar etc.  Each one of these apps has to solve a number of
problems to share that data/become offline capable/etc - there is no clear
way to signal them that updates have happened, and so on.

What I am saying here is:  Why can't I provide all of the complexity that
goes with that and provide a shared service as a capability.  A clear
enough example of the basics of how this might work are illustrated at
https://github.com/tildeio/oasis.js and similar things are being discussed
with native APIs with webapps and things but as far as I can tell - for the
general Web I see no way to accomplish this...

Using stuff that is mostly there today I could (these are just examples
using the closest existing thing to describe) provide a document @
'todos-list.io/service.html' which would:
a) provide an appcache manifest to bootstrap this offline
b) use xhr in there to request for data - however I like - lazy load, on
demand, etc...
c) provide cache for data in localStorage or IndexedDB
d) add to that whatever smarts I can: encryption, processing in workers,
etc...
Even using basically existing capabilities I could add a bit to ignore or
accept connections based on any number of criteria - in this case, let's
just say I accept from *, but require a key for identification/encryption
and expose and provide a service API.

From my end, it seems pretty safe.  If you could then use the other end of
that model to say "This can operate with x-y-z privileges" and request
connection to it stating which capabilities you might be wanting access to
it seems pretty safe from your end too.  The thing is today, you can't.
There are so many levels of restrictions - every approach makes the
service provider a second class citizen in terms of what would otherwise be
access to things in their own domain and the sandbox stuff isn't quite
enough either.

It seems that the net result would be a healthy and simple message passing
mechanism over ports - potentially bi-directionally.  So if I update a TODO
in one app, I can let the others know that an update is available by
notification and they can refresh their views and *no one* needs to worry
about all of the dirty details of that stuff but me... I can imagine whole
new competition in this area that doesn't/can't exist today.

I apologize for the length here and if any of it is hard to follow - I can
try clarifying....  Do you think it might be something for TAG to consider?

-- 
Brian Kardell :: @briankardell :: hitchjs.com

Received on Wednesday, 28 August 2013 01:53:36 UTC
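As an added example (not code from the original post or from oasis.js), here is a sketch of the connection handshake and update fan-out described above, with the service side granting only the capabilities a consumer's key is entitled to. The capability names, keys and origins are constructed, and ports are plain callbacks so it runs in Node rather than over real MessagePorts.

```javascript
// Added example (not from the original post or oasis.js). Ports are plain
// callbacks so it runs in Node; in a browser each would be a MessagePort.
const KNOWN_CAPABILITIES = new Set(['todos:read', 'todos:write', 'todos:notify']);
// Policy: accept any origin, but each identification key (constructed sample
// values) is entitled to a fixed capability set and never gets more.
const policy = {
  allowedOrigins: '*',               // or an array of permitted origins
  keys: new Map([                    // Map, not object: no prototype keys to match
    ['k-gmail-widget', ['todos:read', 'todos:notify']],
    ['k-extension', ['todos:read', 'todos:write', 'todos:notify']],
  ]),
};
// Unknown keys are refused; capabilities the key is not entitled to are
// dropped from the grant rather than handed out.
function evaluateConnectRequest(policy, req) {
  const originOk = policy.allowedOrigins === '*' || policy.allowedOrigins.includes(req.origin);
  if (!originOk) return { ok: false, reason: 'origin not allowed' };
  const entitled = policy.keys.get(req.key);
  if (!entitled) return { ok: false, reason: 'unknown key' };
  const granted = req.capabilities.filter((c) => KNOWN_CAPABILITIES.has(c) && entitled.includes(c));
  if (granted.length === 0) return { ok: false, reason: 'no grantable capabilities' };
  return { ok: true, granted };
}
// The service.html side: owns the data, fans out update notifications to
// subscribers, and re-checks the granted capabilities on every call.
function createTodoService(policy) {
  const todos = [];
  const subscribers = []; // ports of consumers that hold todos:notify
  const notifyAll = (event) => subscribers.forEach((port) => port(event));
  return {
    connect(req, port) {
      const result = evaluateConnectRequest(policy, req);
      if (!result.ok) return result;
      const caps = new Set(result.granted);
      if (caps.has('todos:notify')) subscribers.push(port);
      return {
        ok: true, granted: result.granted,
        list: () => (caps.has('todos:read') ? todos.slice() : { error: 'todos:read not granted' }),
        add: (text) => {
          if (!caps.has('todos:write')) return { error: 'todos:write not granted' };
          const todo = { id: todos.length + 1, text };
          todos.push(todo);
          notifyAll({ type: 'todo-added', id: todo.id, from: req.origin });
          return todo;
        },
      };
    },
  };
}
```

A consumer that asks for more than its key allows still connects, but only with the intersection; the write refusal on the widget handle shows the check is enforced per call, not just at connect time.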