The KISS Principle
The KISS principle (Keep it Simple, Stupid) is the desire to focus on the simplest solution and avoid unecessary complication. This is the driving principle behind the Web Sandbox.
The Web Sandbox is an evolution of earlier work we did around Windows Live Gadgets. The original model for Windows Live Gadgets was built on a library which synthesized a complete programming platform and paradigm. For developers to build the best Gadget, they needed to learn and understand a new development methodology based on a strict componentization model and potentially asynchronous message pump. What did most developers do? They discovered how to bypass the entire platform, inject an iframe with their content, and just build a web page to represent their gadget. When this first happened, it was frustrating as developers were not taking full advantage of the platform. However, as other web gadget approaches surfaced, we continued to see this same pattern emerge. We recognized the web page is a great extensibility pattern that not only is readily accessible; but also is already supported by many tools.
With the Web Sandbox, we set out to embrace these patterns as well as existing web standards to enable extensiblity scenarios. You are already fully prepared to explore and write code that executes within the Sandbox. As you read through our documentation, you will notice we do not have, nor do we need, an SDK for "gadget" writers. You can leverage your existing knowledge, documentation, etc., to write your code.
The Sandbox allows you to embrace the existing W3C HTML document, ECMA JavaScript, and DOM programming models. You build an HTML page and it is automatically isolated and secured from the surrounding environment. Your component has its own unique document object model, isolated sub-tree, and namespace with automatic support for multiple-instancing and quality of service protections. This all happens transparently, allowing you to focus on developing against the W3C-based standards (e.g., event models, etc). The virtual machinery of the Sandbox manages the browser differences on your behalf. While no iframes are used, the Sandbox follows the standard iframe programming conventions enabling communications.
While the DOM provides an interaction model with the rendering surface, sites also need the ability to expose their own extnesibility API. The Sandbox security model is fully extensible to allow any site to add new capabilties or remove existing ones. For example, a host could provide APIs that allow a component to interact with a shared map on the page.