WASI: the WebAssembly System Interface defines a portable, capability-based set of system calls (files, clocks, random) so WASM modules can run outside the browser on servers and edge runtimes.
2 / 5
What does it mean that WASI uses a capability-based security model?
Capability-based security: rather than ambient authority, a WASI module receives handles (e.g., a pre-opened directory) and can act only within those. It cannot, say, read arbitrary files it was not given access to.
3 / 5
Why is WebAssembly considered portable?
Portability: WASM is a CPU-agnostic bytecode. A single .wasm file runs unchanged on x86, ARM, Linux, or Windows wherever a runtime like Wasmtime exists, easing distribution.
4 / 5
What is a WASM runtime such as Wasmtime or Wasmer?
WASM runtime: the engine that JIT- or AOT-compiles WASM bytecode to native code and supplies the imported host functions (including WASI), enabling the module to run securely outside a browser.
5 / 5
What advantage does WASM offer for plugin systems?
Sandboxed plugins: hosts can run customer-written extensions compiled from many languages to WASM, confident the code is isolated by the runtime and limited by the capabilities granted, all at high performance.