Iβm focusing on origin iFrame isolation combined with OPFS (Origin Private File System), which is now a baseline capability in modern browsers:
Origin private file system - Web APIs | MDN
The origin private file system (OPFS) is a storage endpoint provided as part of the File System API, which is private to the origin of the page and...
. OPFS is gated behind Secure Contexts
, ensuring that these APIs are only available in environments served over HTTPS or equivalent.
Unlike IndexedDB, OPFS avoids metadata leakage. With IndexedDB, even if the stored data itself is protected, attackers can sometimes infer information from exposed metadata such as database names, schema details, or object store structures. This can reveal sensitive application logic or usage patterns. OPFS, by contrast, provides a simpler, file-like interface that doesnβt expose this kind of structural metadata, reducing the attack surface.
OPFS is also faster because it operates a layer closer to the file system, making it more efficient for handling large binary data and streaming workloads. This performance advantage is particularly useful for applications that need to persist signed content. For example, SQLite can be used on top of OPFS to capture signed posts in a vault for backup. Since these posts are addressable by their SHAβ256 hash, they can be stored and retrieved deterministically, ensuring both integrity and verifiability. Here is some research on how notion use SQLite and WASM to speed up their project.
Notion
Notion engineers sped up Notion's browser speed with WASM SQLite
Notion engineers sped up Notion's browser speed with WASM SQLite
Here is also some documentation from Google for origin policy related info
Chrome for Developers
SQLite Wasm in the browser backed by the Origin Private File System | Blog | Chrome for Developers
Coming from the SolidProject.org ecosystem, I began this research before discovering Nostr:
LDUX - Local PDS (Protect Your Home)
Research document for local origin first with encryption at rest, PIR, and CRDT syncing for public data. Private~Public
. It was intended for research only. I shifted gears when I discovered Nostr and have been focusing on wrapping my head around NFC, ISO 7812, NDEF, NTAG424 DNA, OpenPGP, GnuPG KeyGrips, and related technologies. WebWorkers and iFrame isolation provide secure, origin-bound contexts that enforce browser-level security boundaries, aligning with the Secure Contexts standard, but when you add OPFS, itβs like putting that model on steroids.
I look forward to watching your project. Great design kick off and this is heading in the right direction.
View Article β