W3C home > Mailing lists > Public > public-sysapps@w3.org > April 2014

RE: Discussing security model of sysapps

From: Anders Rundgren <anders.rundgren.net@gmail.com>
Date: Wed, 2 Apr 2014 20:19:12 +0200
Message-ID: <CADEL5zu7YczdF26ZO=X6ccE3jgaBs_QyLAqLgk=SMXQkFoOAEw@mail.gmail.com>
To: POTONNIEE Olivier <Olivier.POTONNIEE@gemalto.com>
Cc: public-sysapps@w3.org, Mounir Lamouri <mounir@lamouri.fr>, Dave Raggett <dsr@w3.org>, Marcos Caceres <w3c@marcosc.com>, Wonsuk Lee <wonsuk11.lee@samsung.com>, GALINDO Virginie <Virginie.GALINDO@gemalto.com>
On Apr 2, 2014 3:18 PM, "POTONNIEE Olivier" <Olivier.POTONNIEE@gemalto.com>
wrote:
>
> Thanks Marcos for the clarification. I agree installable applications are
not strictly necessary, and SW offers a smart way to address offline mode.
> So there are no "installable" apps, but just (pre-)"installed" apps,
running with app:// uri.
> Fine for me, thanks!

Olivier,
Now you lost me completely.  How do you mean that SE-using applications are
distributed and by whom?

Anders

> --
> Olivier
>
>
> > -----Original Message-----
> > From: Marcos Caceres [mailto:w3c@marcosc.com]
> > Sent: Tuesday, April 01, 2014 5:43 PM
> > To: POTONNIEE Olivier; GALINDO Virginie; Dave Raggett
> > Cc: Mounir Lamouri; Wonsuk Lee; public-sysapps@w3.org
> > Subject: RE: Discussing security model of sysapps
> >
> >
> >
> > On April 1, 2014 at 5:30:50 PM, POTONNIEE Olivier
> > (olivier.potonniee@gemalto.com) wrote:
> > > Sorry, I was not trying to be abstract.
> >
> > I know you weren't, was just pre-empting :)
> >
> > > What I can't see in any specifications is:
> > >
> > > As a web application developer, I want to provide an installable
> > > application that users can download an install on their device. How
> > > should I package my application in an interoperable way?
> >
> > You are correct. Apart from [1], this is vendor specific right now.
> >
> > As I've proposed previously, pulling section 5 "Zip Archive" from [1]
> > would suffice (or simply referencing it from somewhere).
> >
> > Then using the manifest spec [2], would give you 95% of what you need.
> > The missing 5% is adding an "origin" member to the manifest to enable
> > the package app to be CORS-compatible.
> >
> > > Or from the other side:
> > >
> > > As a web application user, I browse to an online page that offers an
> > installable web application.
> > > How can I (or the browser) download this application and install it
> > on
> > > my device in an interoperable way?
> >
> > Yes, you are again correct that the group has no spec for this. Again,
> > [1] + [2] could be used, but [1] would need to be modified to support
> > the JSON format instead of XML.
> >
> > The greater question is why would one do that? Why not just
> > "install/bookmark/add-to-homecreen" the web page (and let service
> > workers deal with offline). This is where we land back at the APIs -
> > but most of the APIs we are defining here would not be available to any
> > random "online page".
> >
> > [1] http://www.w3.org/TR/widgets/
> > [2] http://w3c.github.io/manifest/
> >
> >
> >
> >
> >
> >
> >
> >
>
>
> This message and any attachments are intended solely for the addressees
and may contain confidential information. Any unauthorized use or
disclosure, either whole or partial, is prohibited.
> E-mails are susceptible to alteration. Our company shall not be liable
for the message if altered, changed or falsified. If you are not the
intended recipient of this message, please delete it and notify the sender.
> Although all reasonable efforts have been made to keep this transmission
free from viruses, the sender will not be liable for damages caused by a
transmitted virus
Received on Wednesday, 2 April 2014 18:19:40 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:36:20 UTC