W3C home > Mailing lists > Public > public-sysapps@w3.org > April 2014

RE: Discussing security model of sysapps

From: POTONNIEE Olivier <Olivier.POTONNIEE@gemalto.com>
Date: Tue, 1 Apr 2014 23:30:38 +0200
To: Marcos Caceres <w3c@marcosc.com>, GALINDO Virginie <Virginie.GALINDO@gemalto.com>, Dave Raggett <dsr@w3.org>
CC: Mounir Lamouri <mounir@lamouri.fr>, Wonsuk Lee <wonsuk11.lee@samsung.com>, "public-sysapps@w3.org" <public-sysapps@w3.org>
Message-ID: <267D4E63A0D73044BFBB4199DA94D805041990756B41@CROEXCFWP04.gemalto.com>
Sorry, I was not trying to be abstract.

What I can't see in any specifications is:

As a web application developer, I want to provide an installable application that users can download an install on their device. How should I package my application in an interoperable way?

Or from the other side:

As a web application user, I browse to an online page that offers an installable web application. How can I (or the browser) download this application and install it on my device in an interoperable way?

By installable application I mean a packaged application that will run with app:// uri.


> -----Original Message-----
> From: Marcos Caceres [mailto:w3c@marcosc.com]
> Sent: Tuesday, April 01, 2014 2:57 PM
> To: POTONNIEE Olivier; GALINDO Virginie; Dave Raggett
> Cc: Mounir Lamouri; Wonsuk Lee; public-sysapps@w3.org
> Subject: RE: Discussing security model of sysapps
> On April 1, 2014 at 11:39:08 AM, POTONNIEE Olivier
> (olivier.potonniee@gemalto.com) wrote:
> > > You say:
> > > ... there is a general consensus on using a manifest for the web
> > > app's metadata. Browsers can download
> > this along
> > > with the rest of the app's components, avoiding the need for
> > packaging.
> >
> > There is not interoperable way to do this. The manifest is not
> > sufficient, unless we add additional data in it, to download the full
> > set of application's resources. What is a "packaged"
> > app and how to download it is not specified.
> Functionally, a packaged application is the same as a web application.
> It is a URL space whose resources are scoped to what is available
> inside a zip file. If the application can access resources outside its
> origin (i.e., outside of app://), that is controlled via CSP. That's
> all pretty well specified, AFAIK.
> Can you explain what use cases are missing? Or what is not covered?
> Preferably, please use an example as I have trouble when things get too
> abstract.
> --
> Marcos Caceres

This message and any attachments are intended solely for the addressees and may contain confidential information. Any unauthorized use or disclosure, either whole or partial, is prohibited.
E-mails are susceptible to alteration. Our company shall not be liable for the message if altered, changed or falsified. If you are not the intended recipient of this message, please delete it and notify the sender.
Although all reasonable efforts have been made to keep this transmission free from viruses, the sender will not be liable for damages caused by a transmitted virus
Received on Tuesday, 1 April 2014 21:31:18 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:36:20 UTC