- From: Nilsson, Claes1 <Claes1.Nilsson@sonymobile.com>
- Date: Tue, 8 Oct 2013 10:56:20 +0200
- To: 'Marcos Caceres' <w3c@marcosc.com>
- CC: Kenneth Rohde Christiansen <kenneth.christiansen@gmail.com>, Dave Raggett <dsr@w3.org>, "public-sysapps@w3.org" <public-sysapps@w3.org>, "Isberg, Anders" <Anders.Isberg@sonymobile.com>
Let me come back on these questions. I plan to have internal meetings with security experts and hope to provide a more tangible proposal for hosted apps later. BR Claes > -----Original Message----- > From: Marcos Caceres [mailto:w3c@marcosc.com] > Sent: den 7 oktober 2013 16:27 > To: Nilsson, Claes1 > Cc: Kenneth Rohde Christiansen; Dave Raggett; public-sysapps@w3.org; > Isberg, Anders > Subject: Re: Hosted apps, was Re: Clarity over direction of work on > runtime and security model? > > > > On Friday, September 27, 2013 at 3:39 PM, Nilsson, Claes1 wrote: > > > What could we achieve by using a signed manifest in combination with > securely transported content? > > > > How does one sign the manifest? What format? > > > The manifest is signed by the app store and states that the url: > https://www.foo.com/myapp is trusted. Content Security Policy is set to > script-src 'self'. All script content must come from the same site, i.e. > it should not be allowed to load script content from a 3rd party. > The problem is that the server can still be hacked (e.g., the hosted > app loads an RSS feed or user comments). > > With this model the app store can revocate the manifest similar to > revocation of packaged app. > > > > The WG does not have a "kill switch" AFAIK. I don't know if anyone even > implemented such a thing for W3C widgets in the old days. > > -- > Marcos Caceres > >
Received on Tuesday, 8 October 2013 08:56:51 UTC