W3C home > Mailing lists > Public > public-webapps@w3.org > January to March 2012

Re: Installing web apps

From: Scott Wilson <scott.bradley.wilson@gmail.com>
Date: Thu, 2 Feb 2012 10:16:10 +0000
Cc: Marcos Caceres <w3c@marcosc.com>, Ian Hickson <ian@hixie.ch>, public-webapps@w3.org, Thomas Roessler <tlr@w3.org>, "Michael(tm) Smith" <mike@w3.org>, TAG List <www-tag@w3.org>
Message-Id: <44BF2311-2E20-4844-A395-9B6928A90E73@gmail.com>
To: Tim Berners-Lee <timbl@w3.org>

On 1 Feb 2012, at 21:04, Tim Berners-Lee wrote:

> 
> On 2012-02 -01, at 15:23, Marcos Caceres wrote:
> 
>> Hi Tim,  
>> 
>> On Wednesday, 1 February 2012 at 16:42, Tim Berners-Lee wrote:
>> 
>>> Note that when people talk about installation, they often immediately discuss
>>> packaging and manifest formats, which will need to be defined,
>> 
>> Umů we have a REC for that, remember?  
> 
> Yes, but I'm specifically trying to avoid the discussion of whether you use
> widgets or manifests or node.js or what.
> 
> Sorry, we have come a long way from my original comment on public-webaps about 
> the same-origin-policy needing a way of letting a script know why the 
> access failed, which lead to Ian H saying that here was no need
> for installation and my saying that there was.  So I was arguing for the need
> for installation, and I am if course aware of widgets.
> 
> I precisely *didn't* want to get into a detail about whether everyone should use
> widgets or will use widgets -- I want to argue for XMLHTTPRequest 
> being designed to be able to be used not only in an untrusted web page,
> but e.g. from an installed widget, or node.js for that matter,
> which means returning a defined error response when the privilege is
> insufficient, instead of faking a network error.
> I've been trying to write code which will work in any of these.

In the Widgets space this is part of:

http://www.w3.org/TR/widgets-access/

Its up to user-agents how they expose these access request policies to the user, whether to ask on installation, or on first use etc.

The issue of 'trusted web applications" has also come up before in this context also, see Robin's blog post:

http://berjon.com/blog/2011/02/harmful-trust.html

> 
> 
> Tim
Received on Thursday, 2 February 2012 10:16:57 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:50 GMT