Re: Privileged and certified-level app, was Re: Clarity over direction of work on runtime and security model? from Kostiainen, Anssi on 2013-10-04 (public-sysapps@w3.org from October 2013)

From: Kostiainen, Anssi <anssi.kostiainen@intel.com>
Date: Fri, 4 Oct 2013 11:32:45 +0000
To: Dave Raggett <dsr@w3.org>
CC: Marcos Caceres <w3c@marcosc.com>, "public-sysapps@w3.org" <public-sysapps@w3.org>, Claes1 Nilsson <Claes1.Nilsson@sonymobile.com>, Kenneth Rohde Christiansen <kenneth.christiansen@gmail.com>, Anders Isberg <Anders.Isberg@sonymobile.com>
Message-ID: <52E9C9F3-B553-4EEA-B080-234AC1AD33F0@intel.com>

On Oct 4, 2013, at 12:44 PM, Dave Raggett <dsr@w3.org> wrote:

> On 04/10/13 10:20, Kostiainen, Anssi wrote:
>> Dave - how close we are in getting this work into an appropriate W3C working group?
> 
> The SysApps charter allows for work on privileged and certified-level apps, and allows the app's resources to be loaded at install time (aka packaged app) or at run time (aka hosted app). The charter further allows us to refactor how this work maps to deliverables as appropriate.
> 
> WebApps owns the packaging and manifest format, but SysApps is responsible for aspects specific to the needs for system applications, i.e. security contexts other than the regular browser context.
> 
> If we see value in basing our work on deliverables from other groups, we need to factor this into the expected schedule. It could be that some work we want to rely on is at a very early stage, e.g. not yet in an existing working group charter.
> 
> But perhaps I am misunderstanding you. Could you please expand what you mean by "this work"?

By "this work" I referred to ServiceWorkers. Sorry, if that was unclear.

>> I'm wondering if rechartering the group would help align us around
>> the revised goals, assuming we as a group land on a consensus we need
>> to revise the goals and scope.
>> 
>> [On a related note, rechartering DAP helped the group make better
>> progress with its deliverables.]
> 
> If we see a need for rechartering, fine, but there is a definite cost to doing it. Can we clarify where the current charter is insufficient?

Based on the recent discussion on the list, it seems the group may want to re-evaluate the expectations set for the "Execution Model" and "Security Model". Specifically, the current charter uses wording such as "how XXX differs from the traditional browser-based XXX". However, I'm hearing diverging too far from the current browser-based model may not be what the group wants.

It could be this does not require rechartering at all, just clarifying the goals and the scope without rechartering formally.

DAP did tighten its scope when it rechartered by saying the group "aims at crafting APIs [...] based on the current Web browser security model". As an editor of many of the DAP group's specs, I can say it helped the group to focus and ship.

Thanks,

-Anssi

Received on Friday, 4 October 2013 11:34:29 UTC