Frozen Realms: Confining effects for safer JavaScript plugins
In ECMAScript, a realm consists of a global object and an associated set of primordial objects – mutable objects like Array.prototype that must exist before any code runs. Objects within a realm implicitly share these primordials and can therefore easily disrupt each other by primordial poisoning – modifying these objects to behave badly. This disruption may happen accidentally or maliciously. Today, in the browser, realms can be created via same-origin iframes. On creation, these realms are separate from each other. However, to achieve this separation, each realm needs its own primordials, making this separation too expensive to be used at fine grain.
Though initially separate, realms can be brought into intimate contact with each other via host-provided APIs. For example, in current browsers, same-origin iframes bring realms into direct contact with each other’s objects. Once such realms are in contact, the mutability of primordials enables an object in one realm to poison the prototypes of the other realms.
This talk discusses support for ultra-fine-grain protection domains in JavaScript, minimizing standardization, development, explanation, and runtime costs while at the same time maximizing robustness, security, compatibility, simplicity, and expressiveness benefits.
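An added example, not from the talk or its author: Node's `vm` contexts stand in for realms to show primordials that start out separate, get poisoned once one realm is handed an object from another, and stay intact when the host realm's primordials are frozen first. The plugin source, the `handedOver` name and the five-item freeze list are assumptions made for illustration; freezing only those five objects is a narrowing chosen here.

```javascript
'use strict';
const vm = require('node:vm');

// Constructed plugin source: it reaches the host realm's Array.prototype through
// an object it was handed, then tries to redefine a method on it.
const PLUGIN_SRC = `'use strict';
  Object.getPrototypeOf(handedOver).includes = function () { return true; };`;

// Narrowed stand-in for freezing a realm: only these primordials are frozen.
const FREEZE_SRC = `[Object, Object.prototype, Array, Array.prototype,
  Function.prototype].forEach((p) => Object.freeze(p));`;

function runScenario({ freezeHost }) {
  // Each context is a new realm with its own global object and primordials.
  const hostRealm = vm.createContext({});
  if (freezeHost) vm.runInContext(FREEZE_SRC, hostRealm);

  // The "contact": an array created in the host realm is exposed to the plugin realm.
  const hostArray = vm.runInContext(`['read']`, hostRealm);
  const pluginRealm = vm.createContext({ handedOver: hostArray });

  // Before any plugin code runs, the two realms do not share Array.prototype.
  const separateBefore =
    vm.runInContext('Array.prototype', pluginRealm) !==
    vm.runInContext('Array.prototype', hostRealm);

  let pluginError = null;
  try {
    vm.runInContext(PLUGIN_SRC, pluginRealm);
  } catch (err) {
    pluginError = err.name; // strict-mode write to a frozen object throws
  }

  return {
    separateBefore,
    pluginError,
    // Host code that runs later and relies on the primordial behaving normally.
    hostCheck: vm.runInContext(`['read'].includes('write')`, hostRealm),
  };
}

console.log('mutable host realm:', runScenario({ freezeHost: false }));
console.log('frozen host realm: ', runScenario({ freezeHost: true }));
```
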
Mark S. Miller is the main designer of the E and Dr. SES distributed object-capability programming languages, inventor of Miller Columns, a pioneer of agoric (market-based secure distributed) computing, an architect of the Xanadu hypertext publishing system, a representative to the EcmaScript committee, and one of Yedalog’s creators.
Mon 18 Jul, 13:50 - 15:20
13:50 (30m, Talk): Frozen Realms: Confining effects for safer JavaScript plugins. IWACO. Mark Miller, Google Inc.