On Jan 31, 2008 9:27 AM, Michael van der Gulik mikevdg@gmail.com wrote:
> On Jan 31, 2008 1:41 AM, Bergel, Alexandre bergel@iam.unibe.ch wrote:
>> Hi Michael,
>>> Some time in the next couple of years, I'll need a secure graphics API for my SecureSqueak project. The basic idea is that I need as thin a layer of abstraction as possible over various 2-D graphics targets: X11, MS Windows, Mac, Postscript/other printer APIs, OpenGL, VNC and possibly libraries such as Cairo. It would also need to do some event handling, as many events rely on a particular coordinate system. GUIs such as Morphic or Tweak would run on top of this.
>> You said "secure". Can you elaborate on this?
> Untrusted code will be loaded, in bytecode form with dynamically rebound literals, from an untrusted remote server and executed locally. It would be able to render graphics, but not use the graphics / event-handling API to otherwise affect the running of any other remotely loaded untrusted code.
> This includes the untrusted code being denied access to important objects and using excessive resources (cpu/memory/disk/network) such that the running of other code is affected.
> For example, untrusted code will only be able to draw within the bounds of a Canvas passed to it. Draw commands outside this area will be clipped.
> More here: http://gulik.pbwiki.com/SecureSqueak.

Sorry... I answered the question but didn't explain why.
I was hoping that Juan would have made an architectural separation at some point between a hardware abstracting API, with his Morphic 3 running on top of it. Ideally, these would be two separate projects; the hardware API would handle basic drawing and event management, and Morphic 3 would process those events and do the fancy transformations.
Gulik.
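
The clipping rule described in the thread ("untrusted code will only be able to draw within the bounds of a Canvas passed to it"), sketched as an added example that is not part of the original messages and not SecureSqueak code. The `Rect` and `Canvas` classes and their method names are hypothetical, and the sketch models only the clip arithmetic: Python's `_pixels` is private by convention, so it does not provide the language-level isolation the project relies on.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rect:                      # half-open: x0 <= x < x1, y0 <= y < y1
    x0: int
    y0: int
    x1: int
    y1: int

    def intersect(self, o):
        r = Rect(max(self.x0, o.x0), max(self.y0, o.y0),
                 min(self.x1, o.x1), min(self.y1, o.y1))
        # A disjoint pair collapses to an empty rectangle, never a negative one.
        return r if r.x0 < r.x1 and r.y0 < r.y1 else Rect(0, 0, 0, 0)

class Canvas:
    """Drawing handle confined to one clip rectangle of a shared framebuffer."""
    def __init__(self, pixels, clip, origin):
        self._pixels, self._clip, self._origin = pixels, clip, origin

    @classmethod
    def root(cls, width, height):
        return cls([[0] * width for _ in range(height)],
                   Rect(0, 0, width, height), (0, 0))

    def _to_clip(self, x, y, w, h):
        # Translate local coordinates, then clip BEFORE any per-pixel work, so
        # an oversized request costs at most the area of the clip rectangle.
        ox, oy = self._origin[0] + x, self._origin[1] + y
        return Rect(ox, oy, ox + max(w, 0), oy + max(h, 0)).intersect(self._clip)

    def sub_canvas(self, x, y, w, h):
        """Child clip = requested area intersected with ours; it cannot grow."""
        return Canvas(self._pixels, self._to_clip(x, y, w, h),
                      (self._origin[0] + x, self._origin[1] + y))

    def fill_rect(self, x, y, w, h, colour):
        """Fill in local coordinates; return how many pixels were written."""
        r = self._to_clip(x, y, w, h)
        for py in range(r.y0, r.y1):
            self._pixels[py][r.x0:r.x1] = [colour] * (r.x1 - r.x0)
        return (r.x1 - r.x0) * (r.y1 - r.y0)

def demo():
    screen = Canvas.root(8, 6)
    screen.fill_rect(0, 0, 8, 6, 1)                 # trusted background
    guest = screen.sub_canvas(2, 1, 4, 3)           # only handle the guest gets
    written = guest.fill_rect(-100, -100, 10**9, 10**9, 7)   # oversized draw
    regrown = guest.sub_canvas(-2, -1, 8, 6).fill_rect(0, 0, 8, 6, 9)
    damaged = sum(v != 1 for y, row in enumerate(screen._pixels)
                  for x, v in enumerate(row) if not (2 <= x < 6 and 1 <= y < 4))
    return written, regrown, damaged
```

Both the oversized fill and the attempt to derive a larger sub-canvas touch only the 4x3 area handed out, and the cost of each call is bounded by that area rather than by the requested size.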