Friday, 8 June 2007

Genie Gears Up

Laurence Rozier is optimistic that Google Gears (GG) can be extended to include "mesh" and "peers" based on security page for Google Gears:

Sometimes web applications on different origins may want to share resources. We are investigating ideas for granting permissions across origins.

I must say that Laurence and I must have different understanding of "mesh" and "peers".

There are several types of collaborations:

1. A website which acts as a post master and relay data among users log on to its server(s), a star-collaborative model, e.g. discussion forum. GG can certainly helps increase the concurrent users log into a system by caching some previous data local to the users.

2. A web page pulls together several resources from different sources into to provide added-value to the user. That's the current "mesh-up" model. Most of these are done via server-side technique. The originating server (the one which sends the web page) performs web service calls to the different sources and then process and present to the user. A client-side solution will be pulling the data from different sources, massage the data on the client-side (typically using Javascript) and present via updating different elements of the web page DOM. The second scenario to work, the web service must be able to return a JSON string and allows a call back function. (See JSONscriptRequest for a technique to implement the later.) If the web service only returns a XML string, cross-domain scripting restriction will block the Javascript from processing the returned XML and block insertion to the DOM.

3. This is similar to 1 above, but this time the user will arbitrarily select star-model collaborative services (1) to connect AND enable users from different collaborative services to exchange data. That's what I refer to as "peers-to-peers" service. Currently, I know of no pure browser-based service of this type.

4. Extending from (3), if user A can, via connected to user B, further support data exchange from those connected A (such as A1, A2,...) with those connected to B (such as B1, B2,...) AND truly enable a mesh, then I call this "mesh".

Web is basically a client-server structure, (3) and (4) above are definitely pushing the web model to its limits.

Going back to collaboration type (2) above, the client-side implementation is already posing a serious security threat. Firefox 2.0 trusted extensions cannot help in this case without the use of extensions or chrome code. Current GG only use the "same origin" policy. I hope the clever guys at Google can come up with something to enable granting permissions across origins in a scalable way.

1 comment:

Beyond WWW said...

Moderated access is definitely some thing Google would have to work upon and I am sure they would come up with some thing eventually. Till that time wait and watch.

Big Picture