- From: Tobie Langel <tobie@w3.org>
- Date: Fri, 8 Mar 2013 17:01:22 +0100
- To: Dominique Hazael-Massieux <dom@w3.org>
- Cc: Frederick.Hirsch@nokia.com, public-closingthegap@w3.org
On Friday, March 8, 2013 at 4:19 PM, Dominique Hazael-Massieux wrote: > Le vendredi 08 mars 2013 à 14:29 +0000, Frederick.Hirsch@nokia.com (mailto:Frederick.Hirsch@nokia.com) a > écrit : > > The following paper mentioned by Brad Hill in his W3Conf presentation is very interesting and relevant: > > "Privilege Separation in HTML5 Applications" > > http://www.cs.berkeley.edu/~devdatta/papers/LeastPrivileges.pdf > > It is indeed very interesting; that said, I think it addresses isolation > at a different layer than the one I was thinking: it seems to be about > how to componentize a Web app to reduce the impact of potential > vulnerabilities, whereas I was asking about how to isolate one Web app > from another when it runs as a "first class citizen" (e.g. how to make > sure that being logged into a social network in such a Web app doesn't > let that transpire automatically in my regular browsing experience) Where some see this as a weakness, others see this as a feature. On mobile devices typing passwords is tedious. For the user, seamlessly navigating from in-app web views to the browser and back is critical to a good user experience. On native, this experience is terrible. For example, it is common that I receive an email notification that someone posted something I care about on Facebook. I click the link from my native mail client. This opens up the browser. I'm not logged in to Facebook on the browser, so I now manually navigate to the FB app. I go through the notifications there, find the one I care about. Click on it. I'm taken to the relevant part of the FB app, only to find out this was actually a tweet. So I click on it. I'm now within the in-app browser of the Facebook app, in Twitter. I want to reply. I'm of course not logged in to Twitter there. So I open up the link in the browser, where I hope to be logged in to Twitter. In a world of web apps sharing cookie jars, this whole experience could be resumed to: get a notification on my web mail client. Navigate to the link in the Facebook app. Click on the link to twitter. Hit reply. Done. There are possible privacy concern with a shared cookie approach. But what's a stake here in terms of user experience is so huge and potentially disruptive that possible privacy issues cannot allow to be dismissive about sharing cookie jars without exploring the problem further. Could we list the possible threats to sharing cookie jars? Then see if isolation really mitigates them (or just shifts the problem elsewhere). Can we look into mitigation strategies that still enable this seamless experience without trading security/privacy for it? Are there other options, outside of sharing cookie jars, that enable this kind of seamless experience? --tobie
Received on Friday, 8 March 2013 16:01:36 UTC