The common problem in security is not granting the right to do something, but allowing it to be done without the user's knowledge, or allowing many possibilities to be mixed.
- Split the rights of web page JS by JS enclave type.
- Give new possibilities to some enclave types, like tab storage for the tab enclave.
Basically, enclaves must be created, and they have different rights than normal JS code and other kinds of enclaves. An enclave could be like a web worker. It could read global variables, but cannot write variables created by other enclaves or by code not executed in an enclave. Additionally, creating some kinds of enclaves, such as a tab enclave, will require user permission.
I have two kinds of enclaves to propose:
A tab enclave could be created to use tab storage, a special storage carried between web pages. A web page could receive a reload event and remove private items or define rights to a URI for some items. This could allow one web game to be played multiple times, since each instance of the game will create a tab enclave and use tab storage to store data. A tab enclave could use tab storage, but cannot do many other things, such as sending data over the network.
If a web page decided not to use many properties in the normal JS context, it could create a style enclave to read elements' styles and write to them. Additionally, a style enclave will allow defining the viewport (scrolling the page, zooming, etc.). Most importantly, a style enclave will allow the page to use each CSS property for each selector. There will be no need to restrict this for privacy purposes. Style enclaves couldn't send data over the network.
I think no enclave should send data over the network.
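
The rules above can be modelled in plain JavaScript to see how they interact. This is an added sketch, not code from the proposal and not a real browser API: `createRealm`, `createEnclave`, `RIGHTS` and `attempt` are hypothetical names. It assumes page code itself stays unrestricted and that only the tab enclave needs user permission.

```javascript
// Hypothetical model of the proposal's rules; none of these names are a real browser API.
const RIGHTS = {
  tab:   { tabStorage: true,  style: false, needsUserPermission: true },
  // Assumption: the page only names the tab enclave as needing user permission.
  style: { tabStorage: false, style: true,  needsUserPermission: false },
};

function createRealm() {
  const values = new Map();      // global variable name -> value
  const owners = new Map();      // global variable name -> id of the code that created it
  const tabStorage = new Map();  // stands in for the proposed tab storage
  let nextId = 1;

  // Reads are always allowed; a restricted scope may write only names it created.
  const scopeFor = (ownerId, restricted) => new Proxy({}, {
    get: (_, name) => values.get(name),
    set(_, name, value) {
      const owner = owners.get(name);
      if (restricted && owner !== undefined && owner !== ownerId) {
        throw new Error(`${ownerId} cannot write ${String(name)} (created by ${owner})`);
      }
      if (owner === undefined) owners.set(name, ownerId);
      values.set(name, value);
      return true;
    },
  });

  function createEnclave(type, { userGranted = false } = {}) {
    const rights = RIGHTS[type];
    if (!rights) throw new Error(`unknown enclave type: ${type}`);
    if (rights.needsUserPermission && !userGranted) {
      throw new Error(`${type} enclave requires user permission`);
    }
    const id = `${type}#${nextId++}`;
    return {
      id,
      globals: scopeFor(id, true),
      tabStorage: rights.tabStorage ? tabStorage : null,
      canStyle: rights.style,
      // No enclave type in the proposal may send data over the network.
      fetch() { throw new Error(`${id} cannot send data over network`); },
    };
  }

  return { page: scopeFor("page", false), createEnclave };
}

// Runs fn and reports "ok" or the denial message, so callers can inspect outcomes.
function attempt(fn) {
  try { fn(); return "ok"; } catch (e) { return e.message; }
}
```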