Re: Privileged and certified-level app, was Re: Clarity over direction of work on runtime and security model? from Kostiainen, Anssi on 2013-10-02 (public-sysapps@w3.org from October 2013)

From: Kostiainen, Anssi <anssi.kostiainen@intel.com>
Date: Wed, 2 Oct 2013 12:44:14 +0000
To: "public-sysapps@w3.org" <public-sysapps@w3.org>, Marcos Caceres <w3c@marcosc.com>
CC: "Nilsson, Claes1" <Claes1.Nilsson@sonymobile.com>, "Kenneth Rohde Christiansen" <kenneth.christiansen@gmail.com>, Dave Raggett <dsr@w3.org>, "Isberg, Anders" <Anders.Isberg@sonymobile.com>
Message-ID: <F14FF8FC-A847-4973-84DA-8DE04149D91A@intel.com>

On Sep 25, 2013, at 1:48 PM, Marcos Caceres <w3c@marcosc.com> wrote:

[...]

> This means that, from the get-go, certified and privileged packaged apps cannot be shared across runtimes in an interoperable manner (without replacing the signature, which kinda defeats the purpose).
> 
> Question for the SysApps WG is: do we want to attempt to standardise a digital signature scheme for packaged apps?

A follow up question to the group, assuming digsig is scoped out:

What is the problem the group would like to solve by standardizing "unsigned" packaged apps that is not solved by "hosted apps" (for the sake of a better word) and ServiceWorkers (that will hopefully address the offline problem)?

It seems the runtime-related bits on which to reach consensus on are:

* App Manifest
* App Lifecycle and Events
* ServiceWorkers

Thanks,

-Anssi

Received on Wednesday, 2 October 2013 12:45:26 UTC