Refactoring the Web Interface

The web browser, which originated as a simple viewer for displaying static web pages, has evolved into an operating system for executing web applications. The quantity, diversity, and capability of web applications have grown dramatically, such that many modern web applications have begun to rival the breadth and functionality of desktop applications. What has fueled this trend? Why do users find a browser to be a better application platform than a traditional operating system?

Somewhere within the amalgamation of standards and conventions that define what it means to be a web application, there must be some key properties that make such applications particularly attractive to users. We argue that these important properties are unrelated to most of the de facto web API, including HTML, DOM, CSS, GIF, JPEG, PNG, JavaScript, etc. In other words, an entirely different set of web standards could be just as attractive and successful, as long as it were to maintain a particular set of core properties. In particular, we posit that web apps are attractive because they are isolated, rich, on-demand, and networked:

• Isolated: Web applications cannot unilaterally affect other applications, so they are safe to try.
• Rich: Web applications are visually appealing, interactively responsive, and semantically powerful.
• On-demand: Web applications do not require installation or OS configuration, so they are easy to test drive and easy to point others to.
• Networked: Web applications make use of resources on the web, so they can access and integrate a growing and up-to-date set of disparate content.

We argue that these properties—which we call the IRON properties—are individually necessary to preserve the attractiveness of the current web. If web apps were not isolated or on-demand, the increased risk or burden of trying out a new app would reduce its rate of proliferation. If they were not networked, many of today’s most interesting web apps (online maps, electronic commerce, cloud storage, etc.) could not function. And although the early static web was not very rich, the introduction of client-side execution (via JavaScript) was needed to enable virtually every web app in use today.

We further believe that these properties are jointly sufficient to provide the user experience that makes web applications attractive to users. To demonstrate this, the Zoog project at Microsoft Research is constructing a minimal execution platform that satisfies the IRON properties. Our intent is to show that this platform can support the entire set of applications that exist on today’s web.

2 Weaknesses of the current web API
