

Show HN: Safely run multiple applications on the page using Web Workers - pfraze
https://github.com/pfraze/link-ap

======
pfraze
Small video that shows how it works:
[http://www.youtube.com/watch?v=vAMTomxQV80&feature=plcp](http://www.youtube.com/watch?v=vAMTomxQV80&feature=plcp)

------
kzahel
Interesting concept, but there is not enough explanation as to how it is
implemented, what motivates the project, and what kind of browser support is
available.

~~~
pfraze
You're right; I'm balancing my time between writing docs and getting code out.
I'll copy in a post I made recently in the unhosted mailing group:

I think silos are created in the Web by the security model of document
sandboxes.

It's not possible to share a connective session between two applications
without involving remote hosts. All traffic has to go out to a server to reach
other tabs, and it only happens if the two hosts have channels to each other.
As a result, the functional connectivity of web applications is determined by
the providing services.

Put another way, I can't tell the the facebook interface to download all of my
posts and hand them over to my google docs interface. I might tell the google
docs server to use a protocol like OAuth to get permission for a remote
session, so the docs server could download the posts from the facebook
server-- but that scenario is only happening if both parties agree to and
implement the channel, which is cumbersome. So as of right now, even if the
facebook interface can easily grab a list of my posts, they're staying in the
interface.

And it's actually a little worse than that. Even with a perfectly connective
world of hosts, where every service has a channel to the other service you
need, the arrangement is difficult to trust. Exactly what am I granting
permission to by connecting services? How could I know? It's only vaguely
apparent in the permissions interfaces, and the decisions are rarely case-by-
case. "Will read all your mail and post to your feed (and communicate with its
third-party host)." Great, I really want to roll the dice on that.

Again, this is because there are no permeable barriers between browser tabs
for information to pass through, nor are there the tools to easily configure
and safely mediate that barrier if it existed. And since we rely on domain-
based security, there aren't any good tools for mediating remote connections
either.

So how do we solve it? I think we need to update the browser environment to
support more fine-grained connectivity and security policies, which is the
purpose of LinkAP. Once you get a sandbox that can inter-communicate with
other sandboxes (workers) it's a matter of setting up a strong protocol for
routing messages, configuring endpoints, and enforcing security.

There are probably a lot of ways you can do it, but the choice I made was to
use HTTP so that local applications can behave as invisible proxies to
remotes. That allows programs to be gatekeepers to their services, usually
with some permissioning tools from the environment. HTTP also allows
links/forms/ajax to work as before on the in-browser apps. There are a lot
more details (some still developing) but I'll leave that for another time.

The design doc gets into it more: <https://github.com/pfraze/link-
ap/wiki/Design-Document>

