By BoLOBOOLNE payday loans

Web UI Platforms through Javascript sandboxes

I see a trend of how we’re approaching Tim O’Reilly’s Web 2.0 ideal in a way that he didn’t really identify.  But I think the trend is important, and growing, although still in its infancy.  The trend is towards richer web APIs
that enable people to build value on top of existing websites.  I’ll
give some history on how we got here, and talk about the current
trend-leaders that I see: Facebook and Google Maps.  I’ll also explain why I think Microsoft is in the best position to build the required enabling technology.

Original Web 1.0

Universal access to massive volumes of data.  Being able to search
through masses of data and find what you want.  Connecting people to
huge databases really well.  Key examples:

  • Online telephone books
  • Web search
  • Huge e-commerce sites

But in all of these applications, the data set is static.  User activity will not change the data for anybody else.

Web 2.0.1: Democratizing use of the data


The users of these data make the data better.
  They can collectively
organize the data.  (i.e. tags)  They can help filter good data from
junk.  (i.e. voting)  Or they can help you find the data that are most
interesting to you.  (i.e. collaborative filtering).  In other words,
you can interact with the data.

Any "Web 2.0 company" worth their salt has an API that federates out their raw data.  This enables other sites to use the data in new and novel ways.  But the primary problem with this paradigm is that anything built using these API’s is done from the ground up.  Using the gmail POP interface, it’s possible to build a better UI for gmail.  But to do so you need to first build an entire AJAX mail client — no small feat.  Better would be the ability to add features into the gmail UI itself.  But this is really the standard in web 2.0 API’s today.

Web 2.0.2: Democratizing the feature set

The next big trend will be enabling users to make more compelling ways to interact with
the data
.  Users can change not just the data, but how other users see
and use the data.  Sometimes this means API’s with UI hooks.  Or other ways to enable new functionality into an existing site.  This kind of platform enables Independent Software Vendors to improve upon the UI’s that the original sites created.

Facebook is doing this by allowing ISV’s to add new communications features to their site.  Google Maps is doing this through maplets that allow developers to create new ways to interact with mapping data from within the fabulous Maps UI.  Right now these are the only two examples of web 2.0.2 platforms that I’m aware of.

Building this kind of API is very challenging.  There are several very different ways to go about doing it.  Here are a couple of ideas:

  • Provide a server-server API that includes content generated from the ISV’s servers into the main experience.  Facebook style.
  • Allow developers to author XML files that define new algorithms that are interpreted on the primary host’s servers.  Yahoo pipes is a service in this style, but they’re not doing anything to enhance an existing service so it doesn’t really meet my 2.0.2 criteria.
  • Allow developers to author javascript plugins to run on the client machine.  Greasemonkey is essentially doing this.  This strategy has the best shot for a lot of applications in the long term, IMHO.  But it comes with some serious problems right now.

Doing this correctly would allow ISV’s to add new features to Gmail.  Think about it — if I wanted to change the way gmail messages were displayed, or how addressing happened, or whatever it was, this kind of platform could provide hooks for making gmail better in a way that a POP interface never would.  And even though a POP-style interface theoretically could do this, there would never be momentum because having a high-level base to build upon means that there are network effects from the extensions.  (Rails achieves a similar advantage over other web frameworks — just having a standard, any standard, means people will build upon that standard rather than argue over which library to use and extend none of them.)

3rd-party javascript

The big problem with this approach is security.  There is none.  You need to completely trust the ISV before you should allow their code to run in the context of your site.  The kind of editorial review required to do this today would completely kill the democratic goal of such a platform.

The world needs a security sandbox to run third-party javascript code inside.  This way primary site hosts could allow ISV’s to run their code on client machines safely.  Here are a few examples of places this kind of tool could be used.

ISV’s could…

  • Add UI features to Gmail
  • Create alternate ways to share and discuss images on Flickr
  • Define new mathematical formulas to run client-side on a web spreadsheet
  • Create new playlist selection / shuffling algorithms for Rhapsody

… and much more.  Even better, individual users (not developers) could pick which UI extensions they wanted to use.  Any site which provides such an API has democratized the feature development process in a very important way.  Not only does it provide a distributed mechanism to figure out which features are best, but it allows users to self-segment as to which features work for them.  Without such a mechanism the entire service must have the same features for everybody, which means product designers must play a political game where they’ll never make everybody happy.  Right now I think really only Facebook has solved this problem.

Building a security sandbox is an area that Microsoft could probably do best and fastest.  They are good at code API’s and layered security models,a nd they have a perfect place to do it with Silverlight and the CLR.  They’re trying to position Silverlight as a faster way to run DHTML, which is something else the world desperately needs right now.  But I just can’t imagine them doing anything this innovative or generally valuable.  Doesn’t sell more Office.  Doesn’t sell more Windows.  They don’t even really have many services that could use third party extensions, and they’ve lost touch with the ISV’s who might build such extensions too.  Google Gears could conceivably add such an extension.  There’s precedent there considering the javascript threading extensions they provide.

This will be a difficult problem to solve, I have no doubt.  But I hope somebody with the resources to leverage a solution takes it on, because I think it would really make the world a better place.

Comments are closed.