Up to this point, SES has supported evaluating scripts in the SES runtime. Because every non-trivial application consists of many modules, running one under SES previously required first building a script bundle with a tool like Browserify. We’re excited to announce the first release of SES that directly supports loading ECMAScript modules. This is the first in a series of milestones toward a seamless experience for applications that use both ECMAScript and CommonJS modules.
That one-sandbox-per-stranger model worked well until web applications started inviting multiple strangers into the same sandbox. Mashups and interactive advertisements showed the need for more flexible security models. Even so, web applications continue to depend on a security model where every stranger gets their own sandbox.
SES proposes a finer-grained security model, object capabilities, or tersely, OCap. In this model, you can invite many strangers to collaborate in a single sandbox without risk that any of them can frustrate or interfere with the user or with each other, or conspire with each other against the user.
For programs to interact safely, a programming environment that fits the OCap model must satisfy three requirements:
- Any program can protect its invariants by hiding its own data and capabilities.
- The only way to exercise power over something is to have a reference to the object that provides that power, like a file system object, or even a highly limited, attenuated file system object. We call a reference to a powerful object a capability.
- The only way to get a capability is to be given one, for example by receiving one as an argument of a constructor or method.
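The three requirements above are easy to state and easy to get subtly wrong, so here they are as working plain JavaScript. This is an added example, not code from SES or the Agoric project; the names (makeFileSystem, attenuate, makePluginHost) are hypothetical, and the in-memory "file system" stands in for a real powerful object.

```javascript
// Added example (not from the SES project). The names below are hypothetical.

// A powerful object: an in-memory "file system". Its state lives only in a
// closure (requirement 1: a program hides its own data), and the only way to
// touch that state is through a reference to the returned object
// (requirement 2: power is exercised only through a reference).
function makeFileSystem(initialFiles) {
  const files = new Map(Object.entries(initialFiles));
  return Object.freeze({
    read(path) {
      if (!files.has(path)) throw new Error(`no such file: ${path}`);
      return files.get(path);
    },
    write(path, contents) {
      files.set(path, contents);
    },
    list() {
      return [...files.keys()].sort();
    },
  });
}

// Attenuation: derive a weaker capability from a stronger one. The result can
// only read, and only under `prefix`. It keeps the full `fs` in its closure and
// never returns it, so a holder cannot recover the original power from it.
function attenuate(fs, prefix) {
  const inside = (path) => path.startsWith(prefix);
  return Object.freeze({
    read(path) {
      if (!inside(path)) throw new Error(`access denied: ${path}`);
      return fs.read(path);
    },
    list() {
      return fs.list().filter(inside);
    },
  });
}

// A "stranger": it receives its one capability as a constructor argument
// (requirement 3: capabilities are only ever given). There is no ambient
// authority it could reach for instead.
function makePluginHost(readOnlyFs) {
  return Object.freeze({
    summarize() {
      return readOnlyFs.list().map((p) => `${p}: ${readOnlyFs.read(p).length} bytes`);
    },
    // Attempts to exceed the granted authority fail as ordinary errors:
    // the attenuated object simply has no `write` method.
    tryWrite(path, contents) {
      try {
        readOnlyFs.write(path, contents);
        return 'wrote';
      } catch (e) {
        return `denied: ${e.constructor.name}`;
      }
    },
    tryRead(path) {
      try {
        return readOnlyFs.read(path);
      } catch (e) {
        return `denied: ${e.message}`;
      }
    },
  });
}

// Wiring: the application holds the full file system and hands the plugin
// only the attenuated view. Sample file contents are constructed for this example.
function demo() {
  const fs = makeFileSystem({
    '/etc/secret': 'hunter2',
    '/public/readme.txt': 'hello',
    '/public/notes.txt': 'plugin data',
  });
  const plugin = makePluginHost(attenuate(fs, '/public/'));
  return {
    summary: plugin.summarize(),
    write: plugin.tryWrite('/public/readme.txt', 'pwned'),
    leak: plugin.tryRead('/etc/secret'),
    secretStillSafe: fs.read('/etc/secret') === 'hunter2',
  };
}
```

Object.freeze only protects the surface of each object; in ordinary JavaScript a stranger can still reach shared mutable state through Object.prototype and the other intrinsics, which is exactly what SES's lockdown and harden exist to close off. The pattern itself, hide state in a closure, attenuate before sharing, and pass capabilities only as arguments, is what the three requirements ask of every program in the sandbox.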
We can also link compartments, so one compartment can export a module that another compartment imports. Each compartment may have its own rules for how to resolve import specifiers and how to locate and retrieve modules. In this example, we use the Compartment constructor to create two compartments: one for the application and another for its dependency.
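The per-compartment rules mentioned above are supplied as two hooks: one that turns an import specifier plus the importing module's own specifier into a full specifier, and one that retrieves the module for a full specifier. The following is an added example, not code from the SES release or the Agoric project. The hooks are plain JavaScript and run anywhere; the final linking function assumes the hook contract and the constructor shape (endowments, module map, options with resolveHook and importHook, plus compartment.module() and compartment.import()) that we understand this release to provide, and takes the Compartment and StaticModuleRecord constructors as parameters rather than reaching for globals. The module sources are constructed for the example.

```javascript
// Added example (not from the SES project). The hook contract and the
// Compartment/StaticModuleRecord usage are assumptions about this release's API.

// Resolve a relative import specifier against the importing module's full
// specifier. Bare specifiers ('dep') are returned unchanged so the compartment's
// module map can satisfy them. Resolution never climbs above the compartment
// root: a specifier that tries is rejected rather than silently clamped, because
// whatever the import hook retrieves for it would otherwise come from outside
// the package this compartment is supposed to confine.
function resolveHook(specifier, referrer) {
  if (!specifier.startsWith('./') && !specifier.startsWith('../')) {
    return specifier;
  }
  const base = referrer.split('/').slice(0, -1); // drop the referrer's file name
  const out = [];
  for (const seg of base.concat(specifier.split('/'))) {
    if (seg === '.' || seg === '') continue;
    if (seg === '..') {
      if (out.length === 0) {
        throw new Error(`import ${specifier} from ${referrer} escapes the compartment root`);
      }
      out.pop();
    } else {
      out.push(seg);
    }
  }
  return './' + out.join('/');
}

// Build an import hook over a table of sources. The hook is the retrieval
// boundary: anything absent from the table is unreachable from inside the
// compartment, and an unknown specifier is a hard error, not a fallback.
// `makeRecord` wraps source text into whatever record type the runtime wants;
// the default plain object is only for running the hook outside SES.
function makeImportHook(sources, makeRecord = (text, location) => ({ source: text, location })) {
  return (fullSpecifier) => {
    if (!Object.prototype.hasOwnProperty.call(sources, fullSpecifier)) {
      throw new Error(`cannot find module ${fullSpecifier} in this compartment`);
    }
    return makeRecord(sources[fullSpecifier], fullSpecifier);
  };
}

// Constructed module sources for the two compartments.
const depSources = {
  './index.js': 'import { greet } from "./greet.js"; export { greet };',
  './greet.js': 'export const greet = (name) => `hello, ${name}`;',
};
const appSources = {
  './main.js': 'import { greet } from "dep"; export const banner = greet("compartments");',
};

// Link the two compartments: the dependency compartment exports './index.js',
// and the application compartment's module map exposes it under the bare
// specifier 'dep'. Neither compartment can retrieve the other's sources; only
// the explicitly mapped namespace crosses the boundary. Resolves to the
// application's exported `banner` when run under SES (assumed API shape).
function linkCompartments(Compartment, StaticModuleRecord) {
  const makeRecord = (text, location) => new StaticModuleRecord(text, location);
  const dep = new Compartment({}, {}, {
    resolveHook,
    importHook: makeImportHook(depSources, makeRecord),
  });
  const app = new Compartment({}, { dep: dep.module('./index.js') }, {
    resolveHook,
    importHook: makeImportHook(appSources, makeRecord),
  });
  return app.import('./main.js').then(({ namespace }) => namespace.banner);
}
```

The check in resolveHook is the one to keep in mind when writing your own: the import hook only ever sees what the resolve hook hands it, so a resolver that lets '../' walk past the package root turns a confined compartment into one that can load anything the retrieval path can reach.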
We expect the introduction of compartments to greatly simplify using SES for large applications. In the coming weeks, we will be building tools that use compartments to load and bundle existing libraries and then execute them with a compartment for each package. This will provide a seamless experience as simple as <script src="app.js"> or node app.js, but with the safety of SES.