The object capability model is an approach to security that utilizes object references as the primary means of controlling access and providing authority. Capability-based security follows the principle of using unforgeable capabilities to provide access to resources. Object capability builds on capability-based security by leveraging object references as the primary representation of capabilities, which are naturally unforgeable in memory safe languages. Object capability based security is an elegant approach to security because the goals of object-oriented principles of encapsulation and information hiding are realized in virtually the same exact manner as the principle of least authority that is at the heart of object capability security. This type of security is extremely flexible and customizable since it is based on object-oriented design. Plus, writing good code naturally leads to secure code, security can be designed with object encapsulation hand-in-hand.
Posts in the ‘Persevere’ Category
Object Capability Model and Facets in Perstore/Pintura
Monday, March 8th, 2010Pintura JSGI Modules
Thursday, March 4th, 2010Pintura is a REST-style web framework that provides a comprehensive solution for Ajax-based thin-server applications. However, Pintura has a very modular design, and many of the modules in Pintura are extremely useful as standalone JavaScript/CommonJS components that can be used with Node, Narwhal and other projects. Let’s look at the JSGI middleware modules. JSGI middleware modules are designed to be used in a JSGI HTTP request handling stack, adding functionality to a web application. An example of using a JSGI middleware:
function(request){
… my JSGI application …
});
Getting Started With Pintura
Monday, January 25th, 2010Pintura is a REST-style web framework that utilizes a layered approach to application development that facilitates straightforward, well-designed rich internet applications. Pintura forms the core web framework for Persevere 2.0, and consists of a powerful data modeling and persistence framework called Perstore, in combination with a REST-style web framework. You can read more about the goals and principles behind Pintura, but here we will look at how to get started writing applications.
Pintura-based applications normally consist of server-side data models with three layers: data stores, store models, and model facets. On top of this, different representation handlers (for serializing data to different formats) can be defined, but Pintura comes with a good set of these ( including JSON, JavaScript, multipart, and Atom), so usually that is not necessary. This provides a well-structured separation of concerns, distinguishing storage configuration (data stores), core data logic (models), varying capabilities of access to the data (facets), and data serialization (representations). Perhaps the easiest way to understand this approach to take a look at an example application.
Introducing Pintura
Friday, January 22nd, 2010Pintura is a CommonJS/JSGI-compliant, server-side JavaScript-based framework for building rich Internet application with the REST architectural style, thin storage-oriented server design, and the consistency of end-to-end JavaScript. The Pintura framework forms the core of Persevere 2.0, and is the first framework built to run on multiple CommonJS platforms like node.js, Narwhal/Jack, and Flusspferd/Zest. It utilizes a layered approach to application development that facilitates straightforward, modular web applications.
Pintura is not a traditional MVC web server framework, which often conflate presentation and interaction concerns across the client and server, but rather follows the REST prescription of maintaining simple storage and serialization oriented server also known as thin server architecture or SOFEA. Pintura is designed to cleanly separate the concerns of presentation and interaction on the client, and storage and model logic concerns on the server. This design fits perfectly with comprehensive JavaScript frameworks like Dojo, General Interface, Cappuccino, YUI, and ExtJS that provide client-side MVC. In particular, Dojo has excellent support for standards-based JSON REST interaction that matches perfectly with this server-side framework.
CommonJS/JSGI: The Emerging JavaScript Application Server Platform
Tuesday, January 19th, 2010CommonJS (formerly known as ServerJS) has become the essential hub around the development of server side JavaScript (SSJS). SSJS for years has suffered from fragmentation, but the CommonJS project has provided the momentum to bring different frameworks together and start building interoperable modules. SSJS is ripe with potential; JavaScript has been soaring in popularity and the ECMAScript 5 specification was recently accepted. JavaScript has proven itself as the language of the web’s client-side (even ActionScript is a derivative of JavaScript). The opportunity to use the same language on both client and server is certainly most realistic and viable with JavaScript as it avoids the need for translation.
CommonJS
CommonJS has focused on developing critical APIs for building reusable modules, particularly for server-side JavaScript environment. The server-side is generally based around database interaction, file I/O, HTTP serving, and the generation of data formats and HTML, whereas the client-side is based around DOM manipulation and the browser object model. There are certainly APIs that can be used on both sides, and JavaScript on the client and server invites the reuse of APIs where possible. The WebWorker, Indexed Database, and XHR APIs are promising to be enormously beneficial on the server side, and with excellent client server consistency. But still the server side requires special attention, and CommonJS is bringing the needed standards and conventions.
Persevere 1.0
Friday, November 13th, 2009Persevere 1.0 is now available for download. Persevere is a JavaScript storage and application server that uses a standards-based interface of HTTP/REST, JSON-RPC, JSONPath, and REST Channels. Persevere is designed for rich client applications and can be used with any framework or client. The Persevere Server runs on Rhino and provides persistent data storage of dynamic JSON data in an interactive server side JavaScript environment with the following key features:
- Create, read, update, and delete access to persistent data through a standard JSON HTTP/REST web interface
- Dynamic object persistence – expando objects, arrays, and JavaScript functions can be stored, for extensive JavaScript persistence support
- Remote execution of JavaScript methods on the server through JSON-RPC for a consistent client/server language platform
- Flexible and fast indexed query capability through JSONQuery/JSONPath
- Comet-based data monitoring capabilities through HTTP Channels with Bayeux transport plugin/negotiation support
- Data-centric role-based object level security with user management, Persevere is designed to be accessed securely through Ajax with public-facing sites
- Comprehensive referencing capabilities using JSON referencing, including circular, multiple, lazy, non-lazy, cross-data source, and cross-site referencing for a wide variety of object structures
- Data integrity and validation through JSON Schema based definitions
- Class-based data hierarchy – typed objects can have methods, inheritance, class-based querying
- Pluggable data source architectures – SQL tables, XML files, remote web services can be used as data stores
- Object versioning with transactional history of record states
Persevere in use
Recently, Cramer Development put together a slick little application for making sticky notes. They discuss how quickly the application came together, as Persevere allowed them to quickly establish a data API, and then focus on the client side interface.
Other users include:
- DataStream Content Solutions is using Persevere to build an XML repository for legal data in combination with MarkLogic.
- Montana State University is using Persevere for their Yogo Data Management Project.
- Another multi-national company is using Persevere in production for Intranet applications, with consistent usage from a number of users.
- And, of course, we at SitePen are using Persevere for a number of the applications we are developing.
Numerous others are using Persevere in a variety of ways.
Learning more
There are a number of resources for learning more about Persevere and getting started with it.
- Persevere Documentation
- Download Persevere
- SitePen Persevere Support
- SitePen Persevere Blog
- Getting Started with Persevere Using Dojo
- Persevere Mailing List
- Persevere + Dojo (using Comet) demonstration
What’s Next
With Persevere 1.0 finished, we are already working on the next version which will be based on the new Pintura architecture. Pintura is the new JavaScript core for the Persevere HTTP interface that is based on the CommonJS and JSGI API. Pintura will run on any CommonJS/JSGI capable JavaScript engine (support for V8, JSCore, and Spidermonkey coming).
Narwhal on Persevere
Tuesday, September 1st, 2009Narwhal is an open source toolkit for server-side JavaScript that delivers a growing library of useful modules implementing the CommonJS standard library API. CommonJS is an effort to provide a standard library for server side JavaScript (or JavaScript in any privileged environment) and Narwhal is the most extensive implementation of the library API. Narwhal provides numerous system level functions and IO capabilities with streaming and File interaction.
Persevere is a framework for server-side JavaScript with object persistence and direct mapping to RESTful HTTP interaction. These two projects can complement each other very nicely and since Persevere implements the CommonJS API for module loading, Narwhal’s standard library of modules can now easily be utilized within Persevere.
JavaScriptDB: Persevere’s New High-Performance Storage Engine
Monday, April 20th, 2009The latest beta of Persevere features a new native object storage engine called JavaScriptDB that provides high-end scalability and performance. Persevere now outperforms the common PHP and MySQL combination for accessing data via HTTP by about 40% and outperforms CouchDB by 249%. The new storage engine is designed and optimized specifically for persisting JavaScript and JSON data with dynamic object structures. It is also built for extreme scalability, with support for up to 9,000 petabytes of JSON/JS data in addition to any binary data.
Stocker: Advanced Dojo Made Easy
Wednesday, April 1st, 2009SitePen is excited to announce Stocker, which demonstrates some of the more advanced capabilities of Dojo, including the newly released DataChart, the DataGrid, Data Store, Comet, Persevere, and BorderContainer. SitePen is also offering a one-day workshop where you will learn how to create Stocker yourself, but I’m here to give you a sneak peak of what Stocker is and how it works.
Stocker uses these technologies to emulate a stock monitoring application. We’re using made up data, but that’s actually more interesting. The Persevere server generates new stock items at certain intervals, and then pushes them to the browser with Comet. Then the Data Store updates its items and triggers an onSet notification. The DataGrid and DataChart are both connected to the same store, and are listening to that event. They then update their displays and show the stock items and their latest data.
Security in Persevere
Friday, March 6th, 2009Persevere’s security system provides a powerful infrastructure for controlling access to a system by combining the best aspects of capability-based security with role-based security. Persevere has a full user management system and granular per-object access control with inheritance. This system is designed such that it is very easy to use the default Persevere security to handle your access or integrate with an existing authentication system. Any part of the security system can be redefined and customized. Persevere can also be started without enabling security to make it easier to start development.
Follow Us
Subscribe