Re: W3C workshop on web apps and marketplaces? from Marcos Caceres on 2014-01-21 (public-sysapps@w3.org from January 2014)

From: Marcos Caceres <w3c@marcosc.com>
Date: Tue, 21 Jan 2014 11:00:05 +0000
To: Dave Raggett <dsr@w3.org>
Cc: public-sysapps@w3.org
Message-ID: <18B1480374C24B1FA1E04806F6D58598@marcosc.com>

On Tuesday, January 21, 2014 at 10:00 AM, Dave Raggett wrote:

> 
> On 20/01/14 18:30, Marcos Caceres wrote:
> > On Monday, January 20, 2014 at 4:58 PM, Dave Raggett wrote:
> > 
> > > I have extracted the comments made on this thread and copied them to the Headlights 2014 proposal that I was asked to make, see:
> > > 
> > > https://www.w3.org/wiki/Headlights2014/W3C_Workshop_on_Web_Apps_and_Marketplaces#Feedback.2FQuestions_on_the_idea
> > Thanks, Dave, for putting this summary together.
> > 
> > I'm concerned about the mention of "trusted web applications". This makes it sound like there is some special type of web application that is somehow more trusted than any other web application. I think there is real risk of segregating the Web like this - and goes against the principle of "one web".
> > 
> > Could you please drop that from the document?
> 
> The question is what to replace it with. 
Just drop the word "trusted" :) 
> We are talking about Web apps 
> with a higher level of user trust that merits richer access to device 
> capabilities.

The trust can happen at the API level, rather than the app level (as happens today). 

I'm extremely worried (paranoid?) that if we start normalizing the idea of using a digital signature around a package we are essentially creating another horrendous DRM scheme: one where a centralized authority digitally manages the right for an application to access APIs - or worst, an application won't work at all unless it has a particular vendor's digital signature attached. This goes against the spirit of the Web being an open publishing system: it risks creating an ecosystem where if a developer wants to access APIs on some platform, one would have to pay for a time-bombed digital token - or worst, the granting authority could deny certain applications from getting a digital signature on political grounds (as we've seen happen in some proprietary app stores).  

> System apps doesn't seem quite right either. Some people 
> have talked about Web OS, but that could be confused with the WebOS 
> owned by HP. Do we just want to say Web Apps, or do we need a term that 
> signifies the higher level of trust needed for richer access to the 
> device? What do people think?

Personally, it has to just be "web apps". 

> > I'm also a bit, um, uncomfortable, about "Making it easier for users to discover and pay for Web apps". The idea of paying for a web site is weird (as they are not tangible bits of software) - maybe say, "Making it easier for users to discover and pay for online services"?
> 
> Services works for me, but I wouldn't want to imply that they only work 
> when you are online, as there will be an important class of services 
> that work fine offline. Would the following work for you? 

> 
> "Making it easier for users to discover and pay for services"
> 
You are right. The above works for me. 

Thank you!

Received on Tuesday, 21 January 2014 11:00:14 UTC