- From: Marcos Caceres <w3c@marcosc.com>
- Date: Mon, 8 Apr 2013 08:15:33 +0100
- To: public-sysapps@w3.org
On Monday, April 8, 2013 at 4:32 AM, Jonas Sicking wrote:

> > On Apr 3, 2013 1:37 PM, "SULLIVAN, BRYAN L" <bs3131@att.com> wrote:
> > > >
> > > > There are several ideas in this thread that make using cross-origin
> > > > communication easier. I just don't see the advantage of packaged web app
> > > > sharing origin with some arbitrary site, for example when compared to using
> > > > WARP.
> > >
> > > Something like a WARP based solution requires signing by a trusted
> > > party. This has at least the following downsides
> > > * You can't distribute your app without going through a set of
> > > gate-keepers. And we're trying to avoid building a platform with
> > > gate-keepers.
> > > * Whoever does the signing can make mistakes. I.e. it's very hard
> > > to find a cleverly written program that looks harmless, but that
> > > actually steals the user's information.
> >
> > <bryan> WARP does not require signing. All it requires is that the UA / app
> > manager provide a means for the user to be informed about what sites are
> > requested under the access rules, and to either approve that access or not.
> > WARP works fine for unsigned apps.
>
> Sorry, I shouldn't have spoken for WARP without learning more about it.
>
> I personally don't think it's a good idea to ask the user which websites an
> app should be able to connect to outside of the usual web SOP.
>
> This is a very technical question and very few users are likely to understand
> the implications of such a question.

I agree with Jonas. Showing a list of URLs is unhelpful (as it's usually too long and simply gets chopped). See, for example, the following screenshot from a popular Chrome Extension:

https://dl.dropbox.com/u/38490906/permissions.gif

Opera Extensions, which uses WARP, basically does the same thing.

--
Marcos Caceres

Received on Monday, 8 April 2013 07:16:28 UTC