Hi all,
I am the first author on the Webstrates paper.
I'd be happy to answer any questions you might have about the project.
The tl;dr: Webstrates persist and synchronize changes to the DOM of any page served from the Webstrates server to clients of the same page. Using transclusion through iFrames we can create (a dynamic) application-document like relationships between two pages.
It's very interesting. I looked at the video and I'll try to download and make it run. I played a little with share.js time ago so I have great expectations.
I see that you support basic authentication and oauth is marked as experimental. Authentication is not the core of your project but it's very important if you want that people downloads and use your software for something real, collaborating over the internet instead of playing with it locally.
We are aware that proper security and authentication are core problems to solve for the idea to scale. However, it is also an open (research) question how to do this properly.
Currently we have per-webstrate access right, which means that if you give someone permission to write in one of your webstrates they can do anything with it, e.g. empty its body. It could be interesting if it would be possible to specify what operations you would permit from someone to a webstrate, e.g. "you can only add to this particular unordered list, and the added element must have following form".
I think that Google got the permission system right with its Docs. The documents I work with are almost only technical documentation or meeting minutes on projects from customers, 95% text a few spreadsheets. I give editing permissions to the people I work with, view permission with the people I don't want to edit the document. It's not fine grained but I never needed more than that since I started using Docs in 2008.
On those projects we have designers who share their designs on Frontify or Invision. We only have the permission to view and comment. Even in this case is not fine grained, it's on the whole page.
I think this covers the 99% of business cases and possibly more, furthermore page wide permissions are something people is familiar with (least surprise principle) and a degenerate case of fine grained ones.
The tl;dr: Webstrates persist and synchronize changes to the DOM of any page served from the Webstrates server to clients of the same page. Using transclusion through iFrames we can create (a dynamic) application-document like relationships between two pages.