Web Scripting Languages (was: Re: two-way communication in html)

One element of modern application programs that has so far pretty much been 
neglected in Web client development is the integrated scripting language.  I 
see at least 3 uses for a Web scripting language:

1) Building extensions for current browsers;

2) A secure substitute for other CGI scripting languages; and

3) Adding intelligent agent capabilities to the Web.

One possible base for this work would be Safe-Tcl, Nathaniel Borenstein's 
and Marshall Rose's email scripting extension for John Ousterhout's Tcl/Tk. 
Safe-Tcl uses a two-level interpreter, where the outer interpreter supports 
a carefully limited set of high-level capabilities.  Safe-Tcl is designed 
such that:

a) Modifications to the user's system have to be approved by the user in a 
reasonably high-level fashion;

b) Email generated has to be approved by the user in, again, a reasonably 
high-level fashion; and

c) "Excessive" use of system resources also has to be user-approved.

An additional basic guideline for Web scripting would then be:

d) Modifications to the Web server's system (POST or PUT) would have to be 
approved by the user in a reasonably high-level fashion.

I think that (a)-(d) would suffice as constraints for (1) above (browser 
extensions).


A secure substitute for CGI scripting languages ((2) above) for gateway 
purposes might be handled via the current CERN server's ability to run CGI 
scripts under a separate user ID that has no directory/file write 
permissions anywhere except perhaps to a directory for temporary files.  If 
the gateways can be constructed as one-pass programs, then temporary files 
would not be needed by CGI scripts under OSes that support pipelining.


Intelligent Web agents would:

i) Be able to walk the Web on their own (travel from machine to machine);

ii) Via a specific URL at each host, like 
"http://your.machine.com/Agent-Entry";

iii) Interacting with a specified user ID (like 
"webmaster@your.machine.com") who would have the approval authority from 
constraints (a)-(d) above.

If the URL "http://your.machine.com/Agent-Entry" did not exist, no agent 
could enter that Web.  If agents are permitted entry, capability (iii) along 
with constraints (a)-(d) should enable each site to formulate an appropriate 
policy for agent execution.  "Spiders" could really walk the Web...


I suggest the name "Spider" for this Safe-Tcl extension.
======================================================================
Mark Fisher                            Thomson Consumer Electronics
fisherm@indy.tce.com                   Indianapolis, IN

"Just as you should not underestimate the bandwidth of a station wagon
traveling 65 mph filled with 8mm tapes, you should not overestimate
the bandwidth of FTP by mail."

Received on Monday, 6 March 1995 05:55:42 UTC
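
The two-level design and constraints (a)-(d) described in the message above, as an added example that is not part of the original post and is not Safe-Tcl's own code. It uses the safe interpreters built into current Tcl (`interp create -safe`); the command names `save_file`, `send_mail` and `http_post`, the `approve` policy and the sample script are assumptions made for illustration.

```tcl
# Added example. Command names save_file, send_mail, http_post and the
# approve policy are hypothetical, not Safe-Tcl's real command set.
set audit {}

# Stand-in for the user dialog. Constructed policy: the user approves file
# writes under /tmp and refuses everything else.
proc approve {kind detail} {
    expr {$kind eq "write" && [string match /tmp/* $detail]}
}

# Outer-interpreter gate: every sensitive request is shown to the user first.
proc gated {kind detail args} {
    if {![approve $kind $detail]} {
        return -code error "denied by user: $kind $detail"
    }
    lappend ::audit [list $kind $detail]
    # The real side effect (file write, SMTP, HTTP POST) would happen here.
    return "approved: $kind $detail"
}

# Inner interpreter: open, exec, socket and similar commands are hidden.
set agent [interp create -safe]
interp alias $agent save_file {} gated write   ;# constraint (a)
interp alias $agent send_mail {} gated mail    ;# constraint (b)
interp alias $agent http_post {} gated post    ;# constraint (d)
interp limit $agent commands -value 1000       ;# constraint (c): hard cap

# Constructed untrusted script, as an agent arriving at Agent-Entry might carry.
set script {
    set r [save_file /tmp/agent-note.txt "hello"]
    catch {send_mail webmaster@your.machine.com "report"} e1
    catch {http_post http://your.machine.com/Agent-Entry "data"} e2
    catch {open /etc/passwd} e3
    list $r $e1 $e2 $e3
}
foreach line [interp eval $agent $script] { puts $line }

# A runaway loop is stopped by the command limit instead of hanging the host.
catch {interp eval $agent {for {set x 0} {$x < 1000000} {incr x} {expr {1+2+3}}}} e4
puts $e4
puts "audit: $audit"
```

The script can only reach the host through the three aliased commands, so the approval policy in the outer interpreter is the single place where each site decides what an agent may do.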