W3C home > Mailing lists > Public > public-webapps@w3.org > July to September 2010

Re: Widgets - WARP, Widgets Updates and Digital Signatures

From: Nathan <nathan@webr3.org>
Date: Thu, 16 Sep 2010 17:17:33 +0100
Message-ID: <4C92431D.2070406@webr3.org>
To: marcosc@opera.com
CC: public-webapps <public-webapps@w3.org>, public-device-apis <public-device-apis@w3.org>
Marcos Caceres wrote:
> On Fri, Sep 3, 2010 at 7:52 PM, Nathan <nathan@webr3.org> wrote:
>> Hi All,
>> Simply wondering why WARP, Widgets Updates and Digital Signatures aren't
>> used to deploy js applications which run in the main browser context?
> I guess because they all have counterparts on the Web stack:
> WARP is the widget equiv. of XHR 2 + CORS

Do WARP and XHR2+CORS not address different issues, where WARP requests 
access from the user agent to retrieve a network resources, and CORS 
requests access from the network resources?

> Widget Updates is the widget equiv of HTML5 manifest or HTTP expiries.

Cool, I follow what you're saying and will spend some time getting up to 
date on manifests :)

> Dig Sig is the equiv. of HTTPS

Need to think about that one more, surely one widgets-digsig allows a 
package to be distributed through multiple channels and is somewhat akin 
to typical code/application signing solutions on the desktop, whereas 
HTTP+TLS is just that, message delivery over TLS.

>> seems
>> like a nice solution that would work webscale, and which would provide
>> further user security, identification of trusted apps and cover the other
>> half of CORS which is informing and protecting the user.
>> Perhaps one of the vendors has already implemented in the main context?
> Hope that helps.

Indeed it does somewhat, I'd been putting off wrapping my head round 
manifests so will get up to date,


Received on Thursday, 16 September 2010 16:18:38 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 20 October 2015 13:55:36 UTC