W3C home > Mailing lists > Public > www-talk@w3.org > March to April 1995

Web Scripting Languages (was: Re: two-way communication in html)

From: Fisher Mark <FisherM@is3.indy.tce.com>
Date: Mon, 06 Mar 95 05:56:00 PST
To: "'Phillip M. Hallam-Baker'" <hallam@dxal18.cern.ch>, 'www-security' <www-security@ns2.rutgers.edu>, www-talk <www-talk@www10.w3.org>
Message-Id: <2F5B1459@MSMAIL.INDY.TCE.COM>

One element of modern application programs that has so far pretty much been 
neglected in Web client development is the integrated scripting language.  I 
see at least 3 uses for a Web scripting language:

1) Building extensions for current browsers;

2) A secure substitute for other CGI scripting languages; and

3) Adding intelligent agent capabilities to the Web.

One possible base for this work would be Safe-Tcl, Nathaniel Borenstein's 
and Marshall Rose's email scripting extension for John Ousterhout's Tcl/Tk. 
 Safe-Tcl uses a two-level interpreter, where the outer interpreter supports 
a carefully limited set of high-level capabilities.  Safe-Tcl is designed 
such that:

a) Modifications to the user's system have to be approved by the user in a 
reasonably high-level fashion;

b) Email generated has to be approved by the user in, again, a reasonably 
high-level fashion; and

c) "Excessive" use of system resources also has to be user-approved.

An additional basic guideline for Web scripting would then be:

d) Modifications to the Web server's system (POST or PUT) would have to be 
approved by the user in a reasonably high-level fashion.

I think that (a)-(d) would suffice as constraints for (1) above (browser 
extensions).


A secure substitute for CGI scripting languages ((2) above) for gateway 
purposes might be handled via the current CERN server's ability to run CGI 
scripts under a separate user ID that has no directory/file write 
permissions anywhere except perhaps to a directory for temporary files.  If 
the gateways can be constructed as one-pass programs, then temporary files 
would not be needed by CGI scripts under OSes that support pipelining.


Intelligent Web agents would:

i) Be able to walk the Web on their own (travel from machine to machine);

ii) Via a specific URL at each host, like 
"http://your.machine.com/Agent-Entry";

iii) Interacting with a specified user ID (like 
"webmaster@your.machine.com") who would have the approval authority from 
constraints (a)-(d) above.

If the URL "http://your.machine.com/Agent-Entry" did not exist, no agent 
could enter that Web.  If agents are permitted entry, capability (iii) along 
with constraints (a)-(d) should enable each site to formulate an appropriate 
policy for agent execution.  "Spiders" could really walk the Web...


I suggest the name "Spider" for this Safe-Tcl extension.
======================================================================
Mark Fisher                            Thomson Consumer Electronics
fisherm@indy.tce.com                   Indianapolis, IN

"Just as you should not underestimate the bandwidth of a station wagon
traveling 65 mph filled with 8mm tapes, you should not overestimate
the bandwidth of FTP by mail."
Received on Monday, 6 March 1995 05:55:42 UTC

This archive was generated by hypermail 2.4.0 : Monday, 20 January 2020 16:08:16 UTC