brentashley

Dion Almaer recently announced Google’s GData library, which allows you to securely access Google’s Calendar API (more APIs to come) for reading and writing calendar data.

I have long been a vocal advocate of the development of secure cross-domain methods in the browser. This is just the latest in a series of developments that make it apparent that the way forward is going to be built on existing browser technology without waiting for the browser vendors to bake in the necessary objects to support mashups.

Take note, I see this as the most important development on the internet today. I’ve said it for years – getting over the cross-domain hump securely will open the floodgates to a new level of Web interop.

Joel Spolsky has had more than a modicum of success reading the tea leaves of the software industry, so when he writes an incisive essay about the future of application development and platforms, it’s worth not only taking a look, but pursuing an understanding of some of the relevant issues and technologies.

I’ll provide some links here which will help the reader to understand how many of the points Joel makes in his essay are supported by existing technologies in various states of readiness. It’s a big pantry of ingredients that is waiting for the right chef to come along and combine them in a way that inspires the world to follow.

This list is far from exhaustive but I just want to give you some clues that are representative of each topic to help you get started. Please let me know if I’ve missed any important topics.

Javascript (language):

• ECMAscript – the standard
• Javascript as a Language

Javascript (engine):

• Webkit – used by Apple’s Safari
• Mozilla Tamarin Project – virtual machine, JIT compilation
• Screaming Monkey – Tamarin plugin for IE

Libraries/Widgets:

• Dojo Toolkit – one of the most mature and rich JS libraries and widget sets
• Yahoo User Interface Library – another very large and wide set of utilities and controls
• Ext JS – javascript components

Higher abstractions:

• JQuery – jQuery is designed to change the way that you write JavaScript
• Protoscript – prototyped behaviours simplified
• Google Gears – offline storage
• Dojo Offline Toolkit – abstractions on top of Gears, e.g. sync framework

Frameworks/SDKs:

• Tibco General Interface – comprehensive framework and visual tools
• Qooxdoo – multipurpose framework
• Google Web Toolkit – write in Java, compile to rich app with client-side JS
• OpenLaszlo – framework or runtime platform or both?

Rich Web Application Runtimes:

• Microsoft’s Silverlight
• Adobe’s Air

Kris Zyp (rhymes with Skype!), founder of Xucia, introduces CrossSafe, a small Javascript library to enable secure cross-site scripting:

CrossSafe provides secure cross domain JSON requests and partially implements the JSONRequest specification (the get and cancel methods). XMLHttpRequest follows a same origin policy, and because of this, when developing mashups that involve retrieving data from servers other than the origin, developers have typically had to decide between a secure, but slow connection that through a proxy, or a direct, faster, but unsecure dynamic script tag retrieval of information. CrossSafe allows fast, direct, and secure connections to foreign servers from the browser. CrossSafe uses the JSONRequest API as it provides a subset of the JSONRequest features.

I’m really happy to see that Kris has not only come up with a viable cross-browser solution to the secure mashups problem, but has taken the initiative to implement it via the first-ever released implementation of the JSONRequest API proposed by Douglas Crockford nearly 18 months ago.

Not only that, but he has implemented it in such a way that should browser manufacturers ship a JSONRequest object, it will gracefully step out of the way:

CrossSafe does not implement the entire specification. However, developers can use the JSONRequest API in CrossSafe to make cross domain requests (which is one of the primary motivations for JSONRequest), and if and when browsers implement JSONRequest natively, CrossSafe will simply leave the JSONRequest object alone, and code will continue to operate with the benefits of a native implementation.

CrossSafe apparently uses a technique similiar to that described in the Subspace document I blogged about recently. I’m looking forward to inpecting the CrossSafe code since there was no code released with the research paper.

I met Kris in San Francisco in July at The Ajax Experience. I found him more than once in advanced conversations with people like Douglas Crockford and Brendan Eich – definitely a player to keep your eye on. You can see Kris speak in October at The Ajax Experience East.

Thanks, Kris, for stepping up to the plate. Great work.

Update:

Douglas Crockford points me to Collin Jackson’s JSONRequest Firefox Extension. Collin was also one of the authors of the Subspace document.