W3C home > Mailing lists > Public > public-sysapps@w3.org > June 2012

RE: capability restrictions in the runtime strawman

From: SULLIVAN, BRYAN L <bs3131@att.com>
Date: Mon, 25 Jun 2012 19:41:56 +0000
To: Robin Berjon <robin@berjon.com>, "Carr, Wayne" <wayne.carr@intel.com>
CC: W3C SysApps <public-sysapps@w3.org>
Message-ID: <59A39E87EA9F964A836299497B686C350FF1B6D1@WABOTH9MSGUSR8D.ITServices.sbc.com>
I think a discussion of the objectives, implications, real effect upon security (how long constraints will last in the clever world of the Web), are all useful to consider. The Web has become a distributed application framework with components and intelligent media scattered all over. In the "drive by" Web (I like that term!) this may be the reality, but it might not be secure enough for installable web apps. We tried to lock this down somewhat for widgets (in WARP) but I suggest there be a more thorough analysis when we are talking about native apps, and consider more types of referenced content.

In the end though, I think trust in the source of the app (and the distributor) will be paramount. Even well-tested apps can be tricked, but I will feel better knowing the app went though some degree of certification.

Thanks,
Bryan Sullivan 

-----Original Message-----
From: Robin Berjon [mailto:robin@berjon.com] 
Sent: Monday, June 25, 2012 10:52 AM
To: Carr, Wayne
Cc: W3C SysApps
Subject: Re: capability restrictions in the runtime strawman

On Jun 25, 2012, at 10:23 , Carr, Wayne wrote:
>> For instance, the ability to load remote scripts into a secure context creates
>> interesting security issues. Should it be disabled, or should developers who rely on
>> that for trusted apps just be made to dress up as Barney the Dinosaur for the
>> following three months? If remote scripts are verboten, should the same be done
>> to images?
> 
> It would seem odd that standalone apps that are the html5 equivalent of "native" apps wouldn't even be able to do the equivalent of what a Web page can do.  There can be the same kind of policy as CSP to set where resources can come from, set at install time.  

I don't want to argue either side at this point, but I think it is useful to take a step back and think about how you might want to frame this. If you think of it as removing features then it may indeed seem strange; but if you think of it as removing cruft (to pick a word that keeps this list family-friendly) such as Adam's synchronous XHR examples then it might seem like progress.

But again, that decision isn't to be made now - at this point I just encourage you all to take the time to think about the issue (and of course discuss it here to your hearts' content).

-- 
Robin Berjon - http://berjon.com/ - @robinberjon
Received on Monday, 25 June 2012 19:43:05 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 25 June 2012 19:43:07 GMT