This is a proposal of a pattern for building interlinking web apps. It would allow sandboxed integration with third-party services running on the same computer.
This would enable:
- services to manage their own client-side secrets (e.g. private keys)
- building shared caches
- sharing p2p network resources
Connecting to a service would look something like this:
const service = window.openServicePort('https://something.com/worker.js') service.addEventListener('message', console.log) service.postMessage('hello!')
myapp.com <-(service port)->
The service would listen for new connections, and interact over the duplex message-passing interface. The service would be able to see the origin domain of the connection and make security considerations based on this info.
We have implemented an MVP of this using existing web APIs (
ServiceWorker). By opening an iframe to a remote domain and using message passing (e.g.
iframe.contentWindow.postMessage ) we can establish communication with a service running remote context. This approach spawns a new instance of the service for every iframe.
In order for the service to have singleton behavior, we ensure a ServiceWorker is running from inside the iframe, then connect to that and forward the iframe's message passing interface to the ServiceWorker and back.
MyApp opens connection to the IPFS service (via iframe). MyApp makes data lookup requests to the IPFS client. IPFS client runs as a singleton (via ServiceWorker), and can service many external apps with a unified cache and network of peers.
- Services must be designed to connect to untrusted parties
- No webRTC in WebWorker/ServiceWorker
- ServiceWorkers dont handle cross-domain fetch
- ServiceWorkers can't open iframes to connect to other ServiceWorkers
- webrtc in workers https://github.com/w3c/webrtc-pc/issues/230
- ipfs in web browsers https://github.com/ipfs/in-web-browsers/
- Fly Web https://flyweb.github.io/spec/ https://wiki.mozilla.org/FlyWeb
- ServiceWorker Foreign Fetch https://developers.google.com/web/updates/2016/09/foreign-fetch