Abolish the same-origin policy
In a Web context, the user must be able to safely load any arbitrary URL, to safely click on any arbitrary link. The way in which this is achieved is that the runtime places strict limits on what a Web page can do. This puts stringent limits on the Webâs ability to allow people to combine two services together, which in turn limits the Webâs usefulness and prevents it from evolving an application architecture that is better than native apps.
Link to original
Web Tiles asks the question about how we might enable composable software on the web, focussing on applications rather than documents.
Why permissions donât work
âAsking people to approve access that they know they donât fully understand and that they couldnât monitor even if they did understand it does not empower them. On the contrary, it trains them to be despondent, helpless at the hands of the High Priesthood of Computer Whisperers. And our job as technologists building a better world is to eradicate the High Priesthood.â
See: access control
Wishes and intents
A wish is a verb applied to a type of thing. A tileâs metadata describes which wishes it can grant. This is similar to the existing technology matching this approach:Â Web Intents. Web Intents were developed (and abandoned) by the W3Câs Device APIs Working Group
Whereas hyperlinks are nouns â they name things â wishes are verbs.
wishes: [
// this can pick images and return them
{
"can": "pick",
"what": ["image/*"],
"name": "Select an image from our cat memes collection"
},
// this can create a social post which the user can post
{
"can": "post",
"what": "com.atproto.repo.create",
"name": "Post a cat meme"
}
]