Sandboxing Metaview Applications
Foreign code execution
Part of the design of metaview is the ability to execute foreign code. This will enable developers to create interactive experiences within metaview. Essentially, developers need to be able to access APIs to interact with the instance the user is currently in, e.g., spawning new models, handling player interaction, and communicating with other users within the instance.
One must keep in mind, though, that executing arbitrary code is very dangerous from a security standpoint unless done correctly. Web browsers face the same problem -- creating a platform for interactivity while preserving its security.
- The creation and management of glTF model instances;
- Additional rendering capabilities like text rendering;
- Communication between local and remote applications (networking);
- Access to cryptographic APIs for identity verification, encryption, and so on;
- The ability to listen for and respond to hardware events (button presses, movement).
I suspect the APIs would in the end not be too dissimilar, but there are some specifics that need to be addressed when working with decentralized networks and VR/AR 3D rendering, as opposed to 2D web pages.
It would be preferable to separate most functionality of the API (like cryptography) into a shared WASM library, if possible. That way, the API surface could be minimized, reducing the maintenance cost and the potential for security vulnerabilities.
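One way to enforce a minimal host API at load time, as an added example rather than metaview's own code: a WASM module's import section lists every host function it can ever call, so the host can audit it against an allowlist before instantiating anything. The `metaview_host` module name, its three function names, and all helper names are hypothetical, and the guest modules are constructed inline.

```javascript
// Hypothetical minimal host API: the only imports a guest application may request.
const HOST_API = new Map([
  ["metaview_host", new Set(["spawn_model", "send_message", "poll_event"])],
]);

// Unsigned LEB128, used for every length and count in the WASM binary format.
function uleb(n) {
  const out = [];
  do {
    let b = n & 0x7f;
    n >>>= 7;
    if (n !== 0) b |= 0x80;
    out.push(b);
  } while (n !== 0);
  return out;
}
const wasmName = (s) => {
  const utf8 = [...new TextEncoder().encode(s)];
  return [...uleb(utf8.length), ...utf8];
};
const section = (id, body) => [id, ...uleb(body.length), ...body];

// Constructed guest module: one type () -> () and the given function imports.
function buildGuest(imports) {
  const types = section(1, [1, 0x60, 0, 0]);
  const entries = imports.flatMap(([mod, field]) =>
    [...wasmName(mod), ...wasmName(field), 0x00, 0x00]); // kind=func, type 0
  const importSec = section(2, [...uleb(imports.length), ...entries]);
  return new Uint8Array([0, 0x61, 0x73, 0x6d, 1, 0, 0, 0, ...types, ...importSec]);
}

// List imports outside the host API. Compiling validates the module but runs nothing.
function auditImports(bytes) {
  const mod = new WebAssembly.Module(bytes);
  return WebAssembly.Module.imports(mod)
    .filter((i) => i.kind !== "function" || !HOST_API.get(i.module)?.has(i.name))
    .map((i) => `${i.module}.${i.name} (${i.kind})`);
}

// Instantiate only when every import is on the allowlist.
function loadGuest(bytes, hostImpl) {
  const rejected = auditImports(bytes);
  if (rejected.length > 0) {
    throw new Error(`imports outside host API: ${rejected.join(", ")}`);
  }
  return new WebAssembly.Instance(new WebAssembly.Module(bytes), hostImpl);
}
```

Non-function imports (memories, tables, globals) are rejected as well, so a guest cannot ask the host for shared state that the allowlist never described.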
Additionally, it would be desirable if applications could utilize concurrency, so that an application could, for example, run one thread to handle physics interactions of entities and another thread to handle hardware events like button presses. Unfortunately, the standardization of multithreading in WASM is still underway.