W3C home > Mailing lists > Public > public-sysapps@w3.org > April 2014

Re: Discussing security model of sysapps

From: Dave Raggett <dsr@w3.org>
Date: Tue, 01 Apr 2014 17:29:39 +0100
Message-ID: <533AE973.8080201@w3.org>
To: POTONNIEE Olivier <Olivier.POTONNIEE@gemalto.com>, GALINDO Virginie <Virginie.GALINDO@gemalto.com>
CC: Wonsuk Lee <wonsuk11.lee@samsung.com>, Mounir Lamouri <mounir@lamouri.fr>, "public-sysapps@w3.org" <public-sysapps@w3.org>

On 01/04/14 16:38, POTONNIEE Olivier wrote:
> Thanks Dave for this good status overview. I would however like to comment on 2 points:
>
> You say:
>> ... there is a general consensus on using a
>> manifest for the web app's metadata. Browsers can download this along
>> with the rest of the app's components, avoiding the need for packaging.
> There is not interoperable way to do this. The manifest is not sufficient, unless we add additional data in it, to download the full set of application's resources. What is a "packaged" app and how to download it is not specified.

I believe that although there is no detailed agreement on packaged apps, 
there is an shared intention to support hosted apps in an interoperable 
way.  I would like to hear more about how the browser determines the 
full set of components to download and cache when "installing" a hosted 
app.  My understanding is that the manifest file isn't intended to list 
the app's components. The appcache spec is known to flawed and it would 
be good to get an update on progress on replacing it.

> You say:
>> Apps may be divided up according to whether they have a digital
>> certificate from a trusted third party.
> The is no specification defining how to attach a signature to a SysApp (there was widget signatures though, but this is not applicable to Sys Apps as is). This is probably something we have to address.

It looks like we certainly need a standard way to attach signatures to 
hosted apps, and this presumably is tied up to how the set of app 
components are referenced.

Best regards,

-- 
Dave Raggett <dsr@w3.org> http://www.w3.org/People/Raggett
Received on Tuesday, 1 April 2014 16:30:17 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:36:20 UTC