Jul 102006

I’m off to Mashup Camp this week!   Monday and Tuesday are pegged for Mashup University, with a more traditional conference session structure, and the unstructured (or just-in-time structured) mashup camp is on Wednesday.

I’m told that last year’s camp was nothing short of a web geek tech orgy, so these next few days should be a lot of plain old fun!

To add to the fray, I’ll be presenting a talk at Mashup U. at 10:30am Tuesday about a technique we’ve been working on here for the past several weeks to pass data across domain boundaries in web apps, all on the client side (no server bounce), and all in JavaScript (no browser extensions).

If you’re familiar with cross-site scripting (XSS) security barriers in the browser and DOM, your first reaction to this claim should be “You can’t do that!

Ah, but we can.  It’s supported by all the browsers, and by the DOM standards.  And it’s not a security hole.  The implementation itself is a pain in the ass, but it can be crammed into a nice tidy API only slightly more complicated than “Send this over there.”

This technique will be instrumental in building next-generation web applications using data drawn from multiple domains.

Instead of using the Internet as a collection of isolated domain silos, wouldn’t it be nice if web applications could actually use the Internet as a web?

We’re gonna do what they say can’t be done!   (yeeha)

Originally published on my MSDN blog.