RE: Request to make one proposal for execution model and security model from Jungkee Song on 2013-02-19 (public-sysapps@w3.org from February 2013)

From: Jungkee Song <jungkee.song@samsung.com>
Date: Tue, 19 Feb 2013 17:47:47 +0900
To: 'Mounir Lamouri' <mounir@lamouri.fr>, public-sysapps@w3.org
Cc: ming79.jin@samsung.com, Janusz Majnert <jmajnert@gmail.com>
Message-id: <03c001ce0e7d$cb3ac3d0$61b04b70$@samsung.com>
> -----Original Message-----
> From: Mounir Lamouri [mailto:mounir@lamouri.fr]
> Sent: Saturday, February 16, 2013 9:16 AM
> 
> On 13/02/13 14:08, Wonsuk Lee wrote:
> > Hi. Jungkee, Mounir, Jonas and all.
> >
> > Jungkee, thanks a lot for your proposal.
> >
> > Mounir and Jonas, for going forward, the WG have to get your
> > feedback!! I hope to get your opinions soon.
> 
> Hi,
> 
> Again, sorry for taking so long to reply to this.
> 
> I do not thing that merging the two documents is the best way to go. I
> think we will inevitably end up in contradictory terms and definitions and
> it would take a long time to unify the merged document. For example, you
> can see that the merged document mentioned "hosted applications",
> "packaged applications" and "system applications" depending on whether the
> block was originally written in the Mozilla's proposal or the Samsung's
> one.
> 
> I believe that the best way to start is to keep one document and expand it.
> That way, we can keep a consistent document and make sure that the feature
> set matches everyone's needs. Given that the features covered by the
> documents are not dramatically different, this shouldn't be a too hard
> process.
> 

It's not the case that the three terms have been unintentionally intermingled. As explained in the previous post, we had intended to use system application as a term to represent the installed web applications including both hosted apps and packaged apps. Indeed, the terms and definitions are topics we have to sort out during the discussion anyway.


> The current document from Mozilla defines an API for a web application to
> become a store, it defines what is a hosted applications and how an
> application can be self-hosted. We care particularly about those parts of
> our specification and we think that this is the angular stone of a
> successful web applications ecosystem. Those concepts are missing from the
> Samsung document and merged proposal. We also specify the System Message
> mechanism that we believe is important to make events working for
> installed web applications. Typically, it solves issues that the service
> request with the request event would run into (we can get into details
> later).
> 
> However, the document from Samsung has a better Execution model than the
> Mozilla proposal.
> 

We believe that one of the essential points of the standardization of this spec is to cover common aspects of Chrome, Firefox OS, Tizen, Webinos and other Web platforms. In that, the description of execution model would be crucial. We would like to take the following topics into account:

  * Execution Lifecycle (States and Events) *
  1) What are the possible execution states a web app could have?
  2) What events should be fired upon the state transition?
  3) Any additional system events required? (such as language change, low memory, etc.)
 
  * Browsing Context Management *
  1) Should runtime allow multiple windows opened concurrently?
    1-a) How to manage them (from UI perspective)?
    1-b) Do all of them receive lifecycle events or only the main browsing context?
  2) Should runtime allow browsing context navigation? (e.g., window.location)
  3) Inter-app communication (Web Activity or Web Intents) behavior in runtime environment
    3-a) Caller / callee view stack management
    3-b) Caller / callee lifecycle states and events
 
  * Runtime Security *
  CSP Policy resolution from different sources (http header, manifest, runtime default), Cross Origin Relaxation, etc.

  * Advanced Execution Model * for next version
  Execution model for background service page (which is covered only by Google strawman proposal)


> Except that, the main differences between those two documents are the API
> to manage the applications but we believe that there will be a lot of work
> on those anyway and whether we use Mozilla's or Samsung's API as a base,
> it is quite unlikely that the final document will look similar to the
> first iteration.
> 
> As a consequence, we would like to propose to use Mozilla's document as a
> base for the Execution and Security Model specification and update the
> document to include the missing features from the Samsung execution model
> which the Mozilla draft doesn't currently have. Specifically we propose to
> add the following properties on the Application interface:
> onlaunched, onterminated, onresumed, onpaused as well as the hide()
> function. Is there anything else we could add to make this go forward?
> 

We agree to consider the above properties in the interface definition.

With all due respect, we agree to use Mozilla's proposal as a base document in order to move it forward. :-) Once you agree, I will prepare the document incorporating execution model and browsing context content in which you can add the interface changes later.


> Sorry again for this late reply and I hope this proposal will make sense.
> 
> Thanks,
> --
> Mounir
Received on Tuesday, 19 February 2013 08:48:19 UTC