W3C home > Mailing lists > Public > public-sysapps@w3.org > August 2013

Re: Sysapp Runtime: Allow-Navigation

From: Mounir Lamouri <mounir@lamouri.fr>
Date: Mon, 12 Aug 2013 14:48:28 +0100
Message-ID: <5208E7AC.9080400@lamouri.fr>
To: "public-sysapps@w3.org" <public-sysapps@w3.org>
CC: SUWIRYA Darmawan <Darmawan.SUWIRYA@gemalto.com>
On 03/07/13 16:39, SUWIRYA Darmawan wrote:
> Hi,
> 
> We would like to seek for clarification regarding chapter 7 of the
> runtime spec.
> 
> Use case example :
> 
> 1. App-1 is a hosted app, with origin from www.myapp.com
> <http://www.myapp.com>.
> 
> 2. In its manifest, it declares for permission to access Messaging and
> Raw Socket APIs.
> 
> 3.. In its manifest, it also declares to allow-navigation to
> www.myapp-service.com <http://www.myapp-service.com>.
> 
> 4. Messaging API is used in : www.myapp.com/run1.html
> <http://www.myapp.com/run1.html>.
> 
> 5. Raw Socket API is used in : www.myapp-service.com/run2.html
> <http://www.myapp-service.com/run2.html>.
> 
> 6. User installed this App-1.
> 
> 7. User executes this App-1.
> 
> 8. User hits www.myapp.com/run1.html <http://www.myapp.com/run1.html>
> page, and messaging API access works fine.
> 
> 9. User then hits www.myapp-service.com/run2.html
> <http://www.myapp-service.com/run2..html> page. Will Raw Socket API
> access works fine also here ?

No. myapp-service.com isn't part of the application origin even if the
navigation there is allowed.

> 10. Then finally, how if the App-1 above is actually a packaged-app ?
> Will the behavior be exactly the same ?

Yes.

The idea of allow-navigation is to allow the user to leave the
application origin to go to a third party website. For example, you
might want your user to be able to navigate to a-payment-provider.com so
he/she can complete the payment of an item.

It's worth mentioning that this feature is an idea that has been thrown
in this specification. I am not aware of any implementation. This said,
you question seems more related to the origin and security model related
to permissions.

Cheers,
--
Mounir
Received on Monday, 12 August 2013 13:49:01 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:36:14 UTC