Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
The June issue (Journal 12) of The Architecture Journal focuses on web architecture. I was delighted to be invited to contribute, and wrote "Secure Cross-Domain Communication in the Browser" for this issue. In the article I describe a somewhat bizarre technique we use in the Windows Live Contacts web control and Windows Live Spaces web control to move data from HTML pages running on *.live.com to and from third party web sites. This is how the contacts control returns user-selected contact data to the page hosting the control, a web site that is not a Microsoft site.
The print edition of Journal 12 is out already and was handed out at TechEd in Orlando earlier this month. You can request a print copy by registering on the Journal's web site, or you can just grab the PDF and read it on-screen. Journal 12 will rotate into the headlines on the Journal's homepage soon.
A few posts ago I mentioned I could finally reveal what I had been working on at Google. Now I can also tell you in exquisite detail what I've been working on here at Microsoft for the past year and foreseeable future: cross-domain browser communication techniques. Coaxing stubborn little bits to migrate through impenetrable browser barriers.
"Secure Cross-Domain Communication in the Browser" is a high-level walk-through of the iframe URL technique of passing information between domain contexts in the browser, it's limitations and weaknesses, and the approach we've taken to build a channel communications library to fortify against those weaknesses and limitations.
Over the next few weeks I will be posting here on Windows Live Quantum Mechanics a series of articles digging into the nitty gritty of cross-domain communication, why it has been taboo in the browser, why it's time to change that perception, and techniques and code you can use today to achieve it - without compromising security or server scalability.
Cross domain communication would be much easier with the browser's help and shepherding, but with a little bit of effort we can actually do quite a bit today - safely - in spite of the browser's objections.
Comments
Anonymous
July 17, 2007
PingBack from http://www.dotmana.com/index.php/?p=323Anonymous
September 27, 2007
More than a few blog posts ago I stated my intent to publish a series of articles on cross-domain communication