Without question, Web-based applications are one of the most important developments in modern computing. You could even argue that the greatest threat to Microsoft's dominance of the PC desktop isn't Linux or open source; it's the Web. When any application can be delivered over the Internet and displayed in a browser window, who even needs an OS?
But not so fast. Stop for a minute to consider the complexity of a modern Web app. The amount and variety of data flying back and forth over port 80 is simply astounding. What we call a Web "page" might actually be a vast collection of disparate objects, including not just HTML and images but also executable instructions, state stored as cookies, XML and JSON data, and plug-in content. And these objects need not all originate from the same server or even the same domain. It's a virtual free-for-all, no pun intended.
For all that sophistication, however, Web clients are remarkably laissez-faire. True to their roots, today's browsers are little more than glorified document viewers. They'll mix and match all of that content however we ask them to with very little oversight. Each page is free to pull in content and code from wherever it likes and handle it all with equal privilege. Unlike a desktop OS, in a Web browser, there's really no one minding the store. And look where that's gotten us: The browser is now the leading vector for all forms of malware and phishing attacks.
Maybe it's time we changed our approach. Maybe it's time we stopped treating the browser as a passive client and instead put it in the driver's seat, giving it the power and authority to enforce a security model for the distributed applications it serves. In other words, maybe we need a Web browser that thinks like an OS.
A new project aims to build just such a browser -- and would you believe it comes from Microsoft?
Running apps like a gazelle
Don't scoff. Sure, Microsoft's Web security track record has been abysmal, but that's all the more reason for it to get it right this time. A modern browser design like Google Chrome could easily wind up eating Internet Explorer's lunch if something doesn't change. Microsoft's proposed answer to that challenge is ambitious, if not downright radical.
Gazelle, a new prototype from Microsoft Research, is a rethinking of the browser from the ground up. It takes Chrome's concept of isolating Web applications into their own processes and carries it to the ultimate.
Dispensing with the old-fashioned idea of a Web page as an integral whole, Gazelle separates content into processes based on site of origin. For example, a page that contains text from one URL, streaming media from another, and ads from yet another would be split into three separate processes. That makes each portion of the content inherently more stable and secure; if one process dies, the rest live on.
The hub of all this activity is a piece of code that Microsoft is calling a "browser kernel," and the name is actually very apt. Much like an OS kernel, the browser kernel is in charge of creating, managing, and destroying the various Web application processes. Furthermore, it handles all communication between the processes; content from one source can never access or interfere with content from another, save through browser kernel APIs.
If this sounds a little bit familiar, it should. A few months ago I wrote about Google Native Client, which uses a similar code-isolation concept to allow CPU-native executables to run in a browser window. Like Google Native Client, Gazelle's security model doesn't come for free -- browser plug-ins, for example, will need to be rewritten to communicate using the Gazelle browser kernel's APIs. But while Native Client's security model applies only to native binaries, Gazelle assumes that all content is equally capable of harm and treats it accordingly.
A real Web OS?
When the Gazelle concepts will become part of a mainstream browser -- if ever -- is anyone's guess. The forthcoming IE8 is not Gazelle -- in fact, the Gazelle researchers are fairly critical of Microsoft's latest browser, which they feel doesn't go far enough to enforce code and plug-in security.
Myself, I'm more interested in the next step. Ever since applications began moving to the Web, various parties have floated the idea of a "Web OS" to power the new style of computing. Past attempts have been little more than browser-based mock-ups of a PC desktop or sets of shared Web services APIs. With Gazelle, however, we have the beginnings of a Web OS that deserves the name -- if Microsoft executes, of course.
Web applications that run on Gazelle run in separate OS processes, just like regular applications. They communicate with one another through a controlled set of APIs that are managed by a kernel, just like regular applications. How long until the Gazelle kernel and the OS kernel become one and the same -- and consequently, how long before Web applications and desktop applications truly become one and the same?
Cloud computing applications, such as Google Docs, are already straining the old computing metaphors to their limits. Just as a modern Web page isn't really a discrete document, your desktop isn't confined to your desk, and your files aren't really files. Your folders are at your fingertips, but they might be stored a thousand miles away. To take full advantage of this new, distributed computing environment, our concept of desktop computing must evolve. Gazelle may well be a glimpse at the next rung on that ladder.