W3C home > Mailing lists > Public > public-sysapps@w3.org > April 2014

RE: Discussing security model of sysapps

From: POTONNIEE Olivier <Olivier.POTONNIEE@gemalto.com>
Date: Wed, 2 Apr 2014 15:17:51 +0200
To: Marcos Caceres <w3c@marcosc.com>, GALINDO Virginie <Virginie.GALINDO@gemalto.com>, Dave Raggett <dsr@w3.org>
CC: Mounir Lamouri <mounir@lamouri.fr>, Wonsuk Lee <wonsuk11.lee@samsung.com>, "public-sysapps@w3.org" <public-sysapps@w3.org>
Message-ID: <267D4E63A0D73044BFBB4199DA94D80504199099EB0D@CROEXCFWP04.gemalto.com>
Thanks Marcos for the clarification. I agree installable applications are not strictly necessary, and SW offers a smart way to address offline mode.
So there are no "installable" apps, but just (pre-)"installed" apps, running with app:// uri.
Fine for me, thanks!

> -----Original Message-----
> From: Marcos Caceres [mailto:w3c@marcosc.com]
> Sent: Tuesday, April 01, 2014 5:43 PM
> To: POTONNIEE Olivier; GALINDO Virginie; Dave Raggett
> Cc: Mounir Lamouri; Wonsuk Lee; public-sysapps@w3.org
> Subject: RE: Discussing security model of sysapps
> On April 1, 2014 at 5:30:50 PM, POTONNIEE Olivier
> (olivier.potonniee@gemalto.com) wrote:
> > Sorry, I was not trying to be abstract.
> I know you weren't, was just pre-empting :)
> > What I can't see in any specifications is:
> >
> > As a web application developer, I want to provide an installable
> > application that users can download an install on their device. How
> > should I package my application in an interoperable way?
> You are correct. Apart from [1], this is vendor specific right now.
> As I've proposed previously, pulling section 5 "Zip Archive" from [1]
> would suffice (or simply referencing it from somewhere).
> Then using the manifest spec [2], would give you 95% of what you need.
> The missing 5% is adding an "origin" member to the manifest to enable
> the package app to be CORS-compatible.
> > Or from the other side:
> >
> > As a web application user, I browse to an online page that offers an
> installable web application.
> > How can I (or the browser) download this application and install it
> on
> > my device in an interoperable way?
> Yes, you are again correct that the group has no spec for this. Again,
> [1] + [2] could be used, but [1] would need to be modified to support
> the JSON format instead of XML.
> The greater question is why would one do that? Why not just
> "install/bookmark/add-to-homecreen" the web page (and let service
> workers deal with offline). This is where we land back at the APIs -
> but most of the APIs we are defining here would not be available to any
> random "online page".
> [1] http://www.w3.org/TR/widgets/

> [2] http://w3c.github.io/manifest/


This message and any attachments are intended solely for the addressees and may contain confidential information. Any unauthorized use or disclosure, either whole or partial, is prohibited.
E-mails are susceptible to alteration. Our company shall not be liable for the message if altered, changed or falsified. If you are not the intended recipient of this message, please delete it and notify the sender.
Although all reasonable efforts have been made to keep this transmission free from viruses, the sender will not be liable for damages caused by a transmitted virus
Received on Wednesday, 2 April 2014 13:18:24 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:36:20 UTC