Re: W3C workshop on web apps and marketplaces? from Charles McCathie Nevile on 2014-01-16 (public-sysapps@w3.org from January 2014)

From: Charles McCathie Nevile <chaals@yandex-team.ru>
Date: Thu, 16 Jan 2014 13:00:30 +0100
To: "Dave Raggett" <dsr@w3.org>, "Kostiainen, Anssi" <anssi.kostiainen@intel.com>
Cc: "public-sysapps@w3.org" <public-sysapps@w3.org>
Message-ID: <op.w9r3m4chy3oazb@chaals.local>
On Thu, 16 Jan 2014 11:12:52 +0100, Kostiainen, Anssi  
<anssi.kostiainen@intel.com> wrote:

> Hi,
>
> On 10 Jan 2014, at 20:46, Dave Raggett <dsr@w3.org> wrote:
>
>> I have been asked to explore the potential for holding a W3C workshop  
>> focusing on web applications, the role of standards for system APIs,  
>> and what's needed to support open marketplaces for web applications,  
>> e.g. for ease of discoverability, trust models and so forth.

There's lots of potential. As Marcos and Anssi said, please focus  
carefully on outcomes - what can we usefully improve on and how do we  
ensure that we learn from the last decade (at least) of going round and  
round this circle?

>> The workshop would be an opportunity to bring together people from  
>> different projects and to share experiences, and discuss use cases and  
>> areas where further work is needed?

Makes sense. As Marcos said, if the predicted-and-almost-guaranteed  
outcome is a new working group, expect a lot of noisy pushback. I strongly  
back what Anssi says below, on focus.

> Dave - thanks for the heads up. Personally, I think it may be beneficial  
> to formulate the problem statement a bit differently, more tightly  
> perhaps.
> As Marcos pointed out, the industry has tried to solve the  outlined  
> problems for quite some time. These are hard problems, especially if we  
> try to address them in their entirety. While we have been doing good  
> progress in certain areas, I think it is fair to say we must embrace the  
> prevalent permission, security, and trust models of the Web and build  
> upon them to get the benefits of the Web too. Good things like universal  
> access, discoverability through search engines, and an ability to share  
> and discover content through plain old URLs without the middleman, for  
> example.
>
> That said, I feel there’s an opportunity to make progress on some topics  
> that could be in scope for the workshop:
>
> * How to gradually build trust when a user is having a conversation with  
> a web resource, mediated by the User Agent? In abstract this is pretty  
> similar to how humans interact with each other when they build trust  
> relationships. Trust builds over time. You do not give your keys to a  
> stranger you just met, but you probably happily tell your first name,  
> for example. How this relates to the Web? Perhaps a user who has  
> bookmarked a site trusts it a bit more than a site that she has not  
> bookmarked? Or if a user visits a particular site every day, she may  
> trust the site more. Or if other people she relates to do the same  
> (reputation system). This should work both ways, and a site may lose a  
> user’s trust as well.
>
> * We have a set of trust gestures built in to the platform such as  
> bookmarking, uploading a file using the file picker, and drag and drop.  
> I think it is important to ensure we understand and use these implicit  
> permissions grants where appropriate instead of inventing new ones. The  
> good old writeup by Robert O’Callahan at [1] is still relevant. Also the  
> Mozilla’s position paper [2] from a 2008 workshop gives historical  
> background from the time when the Geolocation API was the new thing.
>
> To sum up, exposing more powerful APIs to the platform is not inherently  
> bad. But if such APIs are only exposed to a subset of the Web (e.g.  
> content distributed through often curated marketplaces), it is certainly  
> not optimal considering the long-term health of the Web. We must ensure  
> we evolve the Web as a whole, without boundaries.
>
> I feel that understanding, evolving, and building atop the permission,  
> security and trust models *of the Web* is the crux.
>
>> What do you think?  Should W3C be seeking to put a spotlight on web  
>> apps and web-based OSes?
>
> Having a workshop — assuming we do not revisit the problems we have  
> tried to solve multiple times before without great success -- sounds  
> like a good idea.

I don't mind revisiting things - that's how we learn.

I would be appalled to see W3C simply start up Yet Another Group For APIs  
without a very strong push to recognise what has gone before. (To cite  
history, when sysapps proposed an app: URI spec that was a simple  
copy/paste of the widget: URI spec without acknowledging that history I  
think it made a grave mistake on several levels).

There is obviously continuing interest in this area, so thinking about how  
to harness it towards developing standards, rather than the current mess  
of fragmentation, would be a useful thing to do if we can get support from  
those who are pushing forward the current different flavours of the same  
thing.

cheers

Chaals

> [1]  
> http://robert.ocallahan.org/2011/06/permissions-for-web-applications_30.html
> [2] http://www.w3.org/2008/security-ws/papers/mozilla.html


-- 
Charles McCathie Nevile - Consultant (web standards) CTO Office, Yandex
       chaals@yandex-team.ru         Find more at http://yandex.com
Received on Thursday, 16 January 2014 12:01:10 UTC