W3C home > Mailing lists > Public > public-sysapps@w3.org > September 2013

RE: Clarity over direction of work on runtime and security model?

From: Nilsson, Claes1 <Claes1.Nilsson@sonymobile.com>
Date: Wed, 18 Sep 2013 11:27:23 +0200
To: 'Kenneth Rohde Christiansen' <kenneth.christiansen@gmail.com>, Marcos Caceres <w3c@marcosc.com>, Dave Raggett <dsr@w3.org>, "public-sysapps@w3.org" <public-sysapps@w3.org>, "Isberg, Anders" <Anders.Isberg@sonymobile.com>
Message-ID: <6DFA1B20D858A14488A66D6EEDF26AA301F07C9762CC@seldmbx03.corpusers.net>
This makes me a bit puzzled.

* Don't we for example need to specify somewhere what a privileged and certified-level app is? Will that be part of the manifest specification?
* I don't think that the user should be able to configure whether prompting should occur or not. 

Generally we are now in situation where it is very unclear on what should be normatively specified and what should stay implementation specific. I think that we should agree on some plan for web system apps runtime and security that includes:

1. What will be normatively specified and what should stay implementation specific so that interoperability could be achieved.
2. Which specifications will we have and the scope of each specification.
3. What it is expected that each API specification should define relating to runtime and security.

In addition I would like to stress that Sony considers support for hosted, i.e. not only packaged, system apps in a secure manner very prioritized.

Best regards

> -----Original Message-----
> From: Kenneth Rohde Christiansen
> [mailto:kenneth.christiansen@gmail.com]
> Sent: den 17 september 2013 18:40
> To: Marcos Caceres
> Cc: Dave Raggett; public-sysapps@w3.org
> Subject: Re: Clarity over direction of work on runtime and security
> model?
> Though you might want to show how the permissions fit into the manifest,
> but define the name of the permission in the respective spec (say
> Contacts or Bluetooth spec)
> Kenneth
> On Tue, Sep 17, 2013 at 6:36 PM, Marcos Caceres <w3c@marcosc.com>
> wrote:
> >
> >
> >
> > On Tuesday, September 17, 2013 at 4:54 PM, Dave Raggett wrote:
> >
> >> So am I correct in that we don't expect to have a standard covering
> >> the permissions requested in app manifests? Won't this cause interop
> >> problems for system applications across different run-times?
> >>
> >
> > I don't think it would, as this could be specified at the API level
> independently of the runtime spec. For example, some certified-level
> apps don't prompt at all, while privileged-levels ones do. This could
> also be user configurable.
> >
> >
> --
> Kenneth Rohde Christiansen
> Senior Engineer, WebKit, Qt, EFL
> Phone  +45 4294 9458 / E-mail kenneth at webkit.org
> ﹆﹆﹆

Received on Wednesday, 18 September 2013 09:27:52 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:36:15 UTC