W3C home > Mailing lists > Public > public-device-apis@w3.org > September 2010

Re: Widgets - WARP, Widgets Updates and Digital Signatures

From: Nathan <nathan@webr3.org>
Date: Thu, 16 Sep 2010 17:17:33 +0100
Message-ID: <4C92431D.2070406@webr3.org>
To: marcosc@opera.com
CC: public-webapps <public-webapps@w3.org>, public-device-apis <public-device-apis@w3.org>
Marcos Caceres wrote:
> On Fri, Sep 3, 2010 at 7:52 PM, Nathan <nathan@webr3.org> wrote:
>> Hi All,
>>
>> Simply wondering why WARP, Widgets Updates and Digital Signatures aren't
>> used to deploy js applications which run in the main browser context?
> 
> I guess because they all have counterparts on the Web stack:
> 
> WARP is the widget equiv. of XHR 2 + CORS

Do WARP and XHR2+CORS not address different issues, where WARP requests 
access from the user agent to retrieve a network resources, and CORS 
requests access from the network resources?

> Widget Updates is the widget equiv of HTML5 manifest or HTTP expiries.

Cool, I follow what you're saying and will spend some time getting up to 
date on manifests :)

> Dig Sig is the equiv. of HTTPS

Need to think about that one more, surely one widgets-digsig allows a 
package to be distributed through multiple channels and is somewhat akin 
to typical code/application signing solutions on the desktop, whereas 
HTTP+TLS is just that, message delivery over TLS.

>> seems
>> like a nice solution that would work webscale, and which would provide
>> further user security, identification of trusted apps and cover the other
>> half of CORS which is informing and protecting the user.
>>
>> Perhaps one of the vendors has already implemented in the main context?
> 
> Hope that helps.

Indeed it does somewhat, I'd been putting off wrapping my head round 
manifests so will get up to date,

Cheers,

Nathan
Received on Thursday, 16 September 2010 16:18:38 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 9 May 2012 00:14:13 GMT