Abolish the same-origin policy

In a Web context, the user must be able to safely load any arbitrary URL, to safely click on any arbitrary link. The way in which this is achieved is that the runtime places strict limits on what a Web page can do. This puts stringent limits on the Web’s ability to allow people to combine two services together, which in turn limits the Web’s usefulness and prevents it from evolving an application architecture that is better than native apps.


Web Tiles asks how we might enable composable software on the web, focussing on applications rather than documents.

Why permissions don’t work

“Asking people to approve access that they know they don’t fully understand and that they couldn’t monitor even if they did understand it does not empower them. On the contrary, it trains them to be despondent, helpless at the hands of the High Priesthood of Computer Whisperers. And our job as technologists building a better world is to eradicate the High Priesthood.”

See: access control

Wishes and intents

A wish is a verb applied to a type of thing. A tile’s metadata describes which wishes it can grant. An existing technology took the same approach: Web Intents, which were developed (and abandoned) by the W3C’s Device APIs Working Group.

Whereas hyperlinks are nouns — they name things — wishes are verbs.

wishes: [
  {
    // this can pick images and return them
    "can": "pick",
    "what": ["image/*"],
    "name": "Select an image from our cat memes collection"
  },
  {
    // this can create a social post which the user can post
    "can": "post",
    "what": "com.atproto.repo.create",
    "name": "Post a cat meme"
  }
]