
RE: Discussing security model of sysapps

From: Marcos Caceres <w3c@marcosc.com>
Date: Tue, 1 Apr 2014 15:57:04 -0400
To: POTONNIEE Olivier <olivier.potonniee@gemalto.com>, GALINDO Virginie <virginie.galindo@gemalto.com>, Dave Raggett <dsr@w3.org>
Cc: Mounir Lamouri <mounir@lamouri.fr>, Wonsuk Lee <wonsuk11.lee@samsung.com>, "public-sysapps@w3.org" <public-sysapps@w3.org>
Message-ID: <etPan.533b1a11.3fa57e06.df4d@Marcoss-MacBook-Pro.local>

On April 1, 2014 at 11:39:08 AM, POTONNIEE Olivier (olivier.potonniee@gemalto.com) wrote:
> > You say:
> > ... there is a general consensus on using a
> > manifest for the web app's metadata. Browsers can download this along
> > with the rest of the app's components, avoiding the need for packaging.
>
> There is no interoperable way to do this. The manifest is not
> sufficient, unless we add additional data in it, to download
> the full set of application's resources. What is a "packaged"
> app and how to download it is not specified.

Functionally, a packaged application is the same as a web application. It is a URL space whose resources are scoped to what is available inside a zip file. If the application can access resources outside its origin (i.e., outside of app://), that is controlled via CSP. That's all pretty well specified, AFAIK. 

Can you explain what use cases are missing? Or what is not covered? Preferably, please use an example as I have trouble when things get too abstract. 


-- 
Marcos Caceres
Received on Tuesday, 1 April 2014 19:57:35 UTC
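
The model described in the message above (an app origin whose URL space is the contents of a zip file, with access outside that origin gated by CSP), sketched as an added example that is not part of the original message or of any SysApps specification. The `app://demo` origin, the package contents, the policy string and all function names are assumptions, and CSP source matching is simplified to exact origins and `*`.

```python
import io
import zipfile
from urllib.parse import urlsplit

def build_package():
    """Constructed sample package: an in-memory zip with two resources."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("index.html", "<h1>hi</h1>")
        z.writestr("js/app.js", "console.log('hi')")
    return buf.getvalue()

def parse_csp(policy):
    """Parse a CSP string into {directive: [source, ...]}."""
    directives = {}
    for part in policy.split(";"):
        tokens = part.split()
        if tokens:
            directives[tokens[0].lower()] = tokens[1:]
    return directives

def fetch(package, app_origin, csp, url, directive="connect-src"):
    """Resolve a URL the way the message describes (hypothetical helper).

    Same-origin URLs are served only from the zip; anything else is a
    network request that the app's CSP must allow.
    """
    u = urlsplit(url)
    origin = f"{u.scheme}://{u.netloc}"
    if origin == app_origin:
        # Exact entry-name match only: "../x" style paths are never
        # normalised, so they cannot reach outside the package.
        name = u.path.lstrip("/") or "index.html"
        with zipfile.ZipFile(io.BytesIO(package)) as z:
            if name not in z.namelist():
                return ("not-found", None)
            return ("package", z.read(name))
    # Fall back to default-src when the specific directive is absent.
    sources = csp.get(directive, csp.get("default-src", []))
    if "*" in sources or origin in sources:
        return ("network-allowed", None)
    return ("blocked-by-csp", None)

if __name__ == "__main__":
    pkg = build_package()
    csp = parse_csp("default-src 'self'; connect-src https://api.example.org")
    for target in ("app://demo/js/app.js", "app://demo/../etc/passwd",
                   "https://api.example.org/v1", "https://other.example/x"):
        print(target, "->", fetch(pkg, "app://demo", csp, target)[0])
```
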
