Trying to summarise (was Re: DAP and security)

Whoa.

I believe that the original renaming of the thread intended to clarify the DAP's mission and stance on security, but we've devolved again into more muddied up discussion, so I'd like to take a second stab at clarifying the landscape.

One, DAP *will* handle security. I think everyone's on the same page on that one now.

Second, DAP APIs are fully intended to be able to run in a browser context. I believe that there may have been unfortunate misunderstandings, but the fact of the matter is that APIs not supported by default in browsers will be considered a failure. I think that some of the confusion about the fact that these would necessarily have to follow a security model that works inside a browser stems from the fact that people (including myself) have repeatedly stated that they wanted authors to have the same APIs irrespective of whether they were running in a browser or in a web runtime used in a different context. This does *not* mean that the security model will be the same in both contexts, and indeed since the entry points to said APIs are likely to be different in each context, some part of the APIs may turn out to be different. The point was that those differences should be minor, and clear to authors.

Finally, we can all talk about policy and trust in browsers until we're bluer in the face than a hypothermic smurf; the fact of the matter is that I don't believe that this is a case where discussion can produce consensus. There are use cases for policy, and solutions for those will be developed at the very least for the widgets landscape. If it so happens that they yield interesting innovative stuff that could be useful in browsers, then it'll be easy to point to it as proof and demo. Far easier than to argue about it, and it'll happen faster if we create the technology rather than talk about it :)


Speaking of innovation and trust in browsers, it seems that the JetPack elves are working on some form of social web of trust for browser extensions — is there a chance that they could chat about it with DAP?

-- 
Robin Berjon - http://berjon.com/

Received on Thursday, 19 November 2009 11:24:32 UTC