Position Paper for the Joint W3C/OMG Workshop on Distributed Objects and Mobile Code

John Ousterhout
Sun Microsystems Laboratories
john.ousterhout@eng.sun.com

Apologies for this late submission; I just realized that we missed the deadline but I hope that you can still consider this position paper even though it is one day late.

We would like to send 1-2 members of the Sun Labs Tcl/Tk team to the workshop, and we think that our work on Tcl and Tk is highly relevant to the workshop. Tcl and Tk offer a high-level scripting language for mobile code and for integrating the World-Wide Web with OMA and other Internet and enterprise applications. Tcl and Tk have the following interesting properties:

- Rapid application development, particularly for GUIs. Tcl and Tk provide a high-level interface for describing applications, which allows a broad class of applications to be built an order of magnitude more quickly, and with an order of magnitude less code, than traditional toolkits based on C or C++.

- Easy integration. Tcl is an excellent "glue" language that makes it easy to tie together existing programs and compose larger systems out of smaller ones. Tcl is embeddable, which means that it can easily be incorporated into C/C++ applications.

- Portability and mobility. Tcl and Tk run on all the major platforms and it is easy to send Tcl scripts between applications and platforms.

- Security. The Safe-Tcl features present in the latest Tcl releases provide a secure yet flexible mechanism for executing untrusted scripts. Safe-Tcl uses a "padded cell" approach similar to the user-space/kernel-space model that has been used by operating systems for more than 30 years. It is both the simplest and the most flexible approach in existence for secure execution of mobile code.

In the Tcl/Tk project at Sun Microsystems Laboratories we are working on a number of projects that may be of interest to this workshop:

- Continued development of Safe-Tcl. Although the basic security mechanisms for Tcl are in place now, there is still more work to be done for Tk to reduce the opportunities for spoofing. We are also working on mechanisms to limit resource consumption and on a basic set of secure policies. Although Safe-Tcl allows any policies whatsoever, we think it is essential to provide a basic set of policies to meet the most common needs of applications. Our main focus right now is on the relationship between mobile code and a firewall; for example, it should be possible for a mobile application to access information inside a firewall where it executes, but once it has done this the mobile code should not be able to leak the information out onto the net. Alternatively, it should be possible for a mobile application to query information outside the firewall on behalf of the user, but not if the external contacts could leak information retrieved from inside the firewall.

- Netscape plug-in. We are constructing a Tcl/Tk plug-in for Netscape, which will allow people to write mobile Tcl/Tk applications that are fetched and executed on demand using Netscape's Navigator and other browsers that support the Netscape plug-in interface. This will allow Tcl and Tk to be used for most or all of the things that Java is currently used for, and will give Internet programmers the option of using either a scripting language (Tcl) or a system programming language (Java) depending on their needs.

- HTML library. We have written a library of Tcl scripts for retrieving and displaying HTML. The library consists of only about 2000 lines of Tcl/Tk scripts, yet provides complete HTML level 1 and 2 functionality. The library makes it easy for Tcl/Tk applications to become Web-aware.

- Web authoring. We are working on a Web authoring system called WebEdit. The current version of WebEdit is an HTML editor written with Tcl and Tk and using the above-mentioned HTML library. However, we plan to add microscripting support with Tcl, so that the pages can contain mixtures of HTML and Tcl/Tk scripts. The Tcl/Tk scripts might be executed when the Web page is fetched (e.g. via the CGI interface) to fill in variable parts of the page, or on the client when the page is displayed (e.g. using the Netscape plug-in). This will provide a flexible mechanism for incorporating small amounts of code into mostly-HTML applications.
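
The "padded cell" model and the firewall policy described under Security and Safe-Tcl above, sketched with the interp command of current Tcl releases. This is an added example, not code from the paper or from the Sun Labs project; the host names, the fetch alias and the rule that hosts under .corp.example are inside the firewall are assumptions made for illustration.

```tcl
# Added example. Host names, the fetch alias and the inside/outside rule
# are assumptions made for illustration.

# Trusted state, kept in the master interpreter ("kernel side").
set sawInside 0

# Assumption: hosts under .corp.example sit inside the firewall.
proc is_inside {host} {
    return [string match *.corp.example $host]
}

# Trusted code behind the alias. The untrusted script can call it but cannot
# read or change sawInside, because that variable lives in the master.
proc guarded_fetch {host} {
    global sawInside
    if {[is_inside $host]} {
        set sawInside 1
    } elseif {$sawInside} {
        error "policy: inside data was read, outside host $host refused"
    }
    # A real policy would open the connection here. The example returns a
    # constructed string so that it runs offline.
    return "data from $host"
}

# The padded cell: a safe interpreter starts without socket, open, exec, ...
set cell [interp create -safe]
# The alias is the only way out, comparable to a system call.
interp alias $cell fetch {} guarded_fetch

# Constructed untrusted script: query outside, read inside, then send out.
set script {
    set news   [fetch www.example.net]
    set secret [fetch db.corp.example]
    fetch collector.example.net
}
if {[catch {interp eval $cell $script} msg]} {
    puts "script stopped: $msg"
}

# Calling a removed command directly fails inside the cell as well.
if {[catch {interp eval $cell {socket www.example.net 80}} msg]} {
    puts "script stopped: $msg"
}
interp delete $cell
```

The policy decision is taken entirely in the master interpreter, so changing the policy means changing guarded_fetch, not the untrusted script or the set of commands removed from the cell.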