Re: Component Model is not an Isolation Model

2011-03-11 Thread Robin Berjon
On Mar 10, 2011, at 23:07 , Boris Zbarsky wrote: >> The Isolation model (whatever it turns out to be), should provide >> ability to create this boundary at will, not tied to a component spec >> in itself. > > It's not clear that we need to solve this problem in generality to create > something us

Re: Component Model is not an Isolation Model

2011-03-10 Thread Dimitri Glazkov
On Thu, Mar 10, 2011 at 2:07 PM, Boris Zbarsky wrote: > On 3/10/11 4:58 PM, Dimitri Glazkov wrote: >> We want to be useful and not in the way for this use case. > > Agreed-ish. > >> For the cases where isolation is necessary, be that mashups or >> browser's implementation of HTML elements >> >> (h

Re: Component Model is not an Isolation Model

2011-03-10 Thread Dimitri Glazkov
On Thu, Mar 10, 2011 at 1:57 PM, Robert O'Callahan wrote: > On Fri, Mar 11, 2011 at 8:54 AM, Boris Zbarsky wrote: >> >> CDNs of various sorts, dedicated hostnames for different sorts of content >> (a la existing images.something.com setups), that sort of thing. >> >> If we want to not allow cross

Re: Component Model is not an Isolation Model

2011-03-10 Thread Boris Zbarsky
On 3/10/11 4:58 PM, Dimitri Glazkov wrote: > We want to be useful and not in the way for this use case. Agreed-ish. For the cases where isolation is necessary, be that mashups or browser's implementation of HTML elements (http://wiki.whatwg.org/wiki/Component_Model_Use_Cases#Built-in_HTML_Eleme

Re: Component Model is not an Isolation Model

2011-03-10 Thread Dimitri Glazkov
On Thu, Mar 10, 2011 at 1:59 AM, Robert O'Callahan wrote: > On Thu, Mar 10, 2011 at 4:17 PM, Boris Zbarsky wrote: >> >> 1)  Cross-site components are safe to use. >> 2)  You can't screw up and depend on implementation details of a >>    component, because if you're calling something the component

Re: Component Model is not an Isolation Model

2011-03-10 Thread Dimitri Glazkov
On Wed, Mar 9, 2011 at 7:17 PM, Boris Zbarsky wrote: > On 3/9/11 7:30 PM, Dimitri Glazkov wrote: >>> >>> From the perspective of the component, the isolation is unfairly >> >> punishing -- you can't use the outside DOM or even DOM element on >> which you're hoisted, you can't add methods to it, an

Re: Component Model is not an Isolation Model

2011-03-10 Thread Robert O'Callahan
On Fri, Mar 11, 2011 at 8:54 AM, Boris Zbarsky wrote: > CDNs of various sorts, dedicated hostnames for different sorts of content > (a la existing images.something.com setups), that sort of thing. > > If we want to not allow cross-site loading at all, those cases break. If we > want to allow it,

Re: Component Model is not an Isolation Model

2011-03-10 Thread Boris Zbarsky
On 3/10/11 3:35 PM, Adam Barth wrote: IMHO, it's important to make cross-site interactions predictable. Yes, agreed. Now, you might say that

Re: Component Model is not an Isolation Model

2011-03-10 Thread Adam Barth
On Thu, Mar 10, 2011 at 11:54 AM, Boris Zbarsky wrote: > On 3/10/11 4:59 AM, Robert O'Callahan wrote: >> >> On Thu, Mar 10, 2011 at 4:17 PM, Boris Zbarsky > > wrote: >> >>    1)  Cross-site components are safe to use. >> >> I'm less enthusiastic about #1. In many situation

Re: Component Model is not an Isolation Model

2011-03-10 Thread Boris Zbarsky
On 3/10/11 4:59 AM, Robert O'Callahan wrote: On Thu, Mar 10, 2011 at 4:17 PM, Boris Zbarsky mailto:bzbar...@mit.edu>> wrote: 1) Cross-site components are safe to use. I'm less enthusiastic about #1. In many situations, perhaps most, developers can choose to trust a component and host it th

Re: Component Model is not an Isolation Model

2011-03-10 Thread Robert O'Callahan
On Thu, Mar 10, 2011 at 4:17 PM, Boris Zbarsky wrote: > 1) Cross-site components are safe to use. > 2) You can't screw up and depend on implementation details of a >component, because if you're calling something the component >provides then you're using APIs the component explicitly exp

Re: Component Model is not an Isolation Model

2011-03-09 Thread Boris Zbarsky
On 3/9/11 10:29 PM, Ryosuke Niwa wrote: This is sort of a requirement for being able to use components that you don't trust to arbitrarily mess with your DOM though, no? We already have very complicated security mechanisms for frames, and the history of the Web tells us that it's really

Re: Component Model is not an Isolation Model

2011-03-09 Thread Ryosuke Niwa
On Wed, Mar 9, 2011 at 7:17 PM, Boris Zbarsky wrote: > On 3/9/11 7:30 PM, Dimitri Glazkov wrote: > >> From the perspective of the component, the isolation is unfairly >>> >> punishing -- you can't use the outside DOM or even DOM element on >> which you're hoisted, you can't add methods to it, and

Re: Component Model is not an Isolation Model

2011-03-09 Thread Boris Zbarsky
On 3/9/11 7:30 PM, Dimitri Glazkov wrote: From the perspective of the component, the isolation is unfairly punishing -- you can't use the outside DOM or even DOM element on which you're hoisted, you can't add methods to it, and you have to always imagine the membrane in order to build a proper m

Component Model is not an Isolation Model

2011-03-09 Thread Dimitri Glazkov
Greetings, fellow Web-Platform-o-nauts, Summary: We need a proper Isolation Model for the Web. Component Model ain't it. Art's email prodded me to condensate some of brain ether accumulated while looking at the use cases. Here's some for ya. After a productive discussion with the Caja folks and