[sugar] Integration with web apps (and Moodle specifically!)

[Ivan Krstić]

Ian Bicking wrote:
> What about local content?  Javascript content on a host can open
> XMLHttpRequests to the same host, so any content on localhost that isn't
> scrubbed could initiate any kind of RPC to localhost.

With present plans, only user-created or OLPC-signed content is allowed
to execute JavaScript. I'm open to revisiting this in rev2, since I
think it can be made more permissive without loss of security: e.g. a
cap on CPU and memory utilization, and denial of XHR would be enough to
solidly contain unsigned JavaScript, but I don't think there's time to
do this for rev1, unless it gets picked up by someone in the community.

> Would it be akin to how popup blocking works in Firefox (and extension
> installation)?  I.e., reject by default, but notify the user of the
> rejection and allow them to change that decision.

What scenarios do you envision where full identity authentication is
desirable, outside of the mesh and the school server? If there are
compelling ones, we can implement the popup-like interface, but
otherwise, I'd like to make it more difficult to approve the authentication.

> Would it have to be a broker, or could this just be a protocol with
> library implementations in the environments most likely to be relevant
> (Python, PHP, Ruby, whatever).  

To remove the need for callers to implement access directly to the data
repository and deal with locking, the callers instead speak to something
that does this for them. That something is the broker; the protocol to
speak with the broker will presumably have libraries in a bunch of
different languages (in fact, it's very likely to just be HTTP).

-- 
Ivan Krsti? <krstic at solarsail.hcs.harvard.edu> | GPG: 0x147C722D