W3C home > Mailing lists > Public > public-webapps@w3.org > January to March 2012

Re: Installing web apps

From: Bronislav Klučka <Bronislav.Klucka@bauglir.com>
Date: Wed, 08 Feb 2012 11:31:21 +0100
Message-ID: <4F324EF9.3020000@bauglir.com>
To: public-webapps@w3.org

On 8.2.2012 1:06, Jean-Claude Dufourd wrote:
> On 7/2/12 05:31 , Robin Berjon wrote:
>> The first problem is that of the security model. A lot of smart 
>> people have tried to come up with a lot of different solutions here, 
>> often involving signatures, policies, intricate user interfaces, etc. 
>> I think that's all massively over-engineered. Once you take into 
>> account the fact that the number of applications that actually need 
>> this level of privilege is only a tiny fraction of the whole, you 
>> realise that you can just give up on privilege policies. These are 
>> just regular apps: they have unfettered access — period (within the 
>> limits of the underlying platform's permissions system naturally). 
>> They ought to be harder (and unusual) to install, and maybe should 
>> look different, but that's it. We might want to give them strong CSP 
>> protection by default to defend against XSS attacks, but that's a 
>> detail.
> JCD: I strongly disagree with you there, Robin. I do not see why 
> "installed apps" should have more access. "Normal apps" and "installed 
> apps" should have the same security model, but "installed apps" may 
> have permanently remembered security clearances, and that could be the 
> only difference.
> My proposal is as simplistic as yours, but in the opposite direction. 
> You are saying "installed apps" should have all rights, I am saying 
> "installed apps" should obey the exact same security as "normal apps".
> In your system, it is dangerous to install an app, but it is very 
> simple. In mine, there is no danger, but it is a bit more work.
> Having a difference between installed apps and normal apps is actually 
> counter-productive.
> Java tried that for applets, and Java is now gone from the web apps 
> stage.
> Best regards
> JC

just let me quote from this thread
Tim Berners-Lee:

   There of course places where XHR is used and there is no
   cross-sitescripting security needed

   1)  in a browser extension
   2)  in node.js code trusted apps

Ian Hickson:

   These aren't the Web, so they're probably out of scope of the CORS and XHR
   specs, but Anne can comment if he disagrees.

you are one step ahead, firt we need to define, what we want, whether we want web platform (remote access to some data and sometimes being able to manipulate those data with very limited set of APIs) or whether we want actual multi-platform application framework with browser as run-time environment, because there is still a lot of missing and there is apparently disagreement about what should be govern by w3c/whatwg. I'm all for the second option: full programming environment. But that is the first here (and with MS extensions to JS APIs in Metro applications...). And without any distinction between whether the app run locally or whether the UI and data are accessed remotely or any possible combination of UI and data access mechanism.

And the question of granting rights seems to be fairly decided here, everything potentially dangerous has to be granted by user (e.g. FileSystem API, GeoLocation), and if UA can provide more granular way of managing data and rights (not "remove browsing data" and suddenly everything for every page is gone), we can stick with this principle: HTML, CSS, basic JS is fine... anything else must be granted.

Received on Wednesday, 8 February 2012 10:34:15 UTC

This archive was generated by hypermail 2.3.1 : Friday, 27 October 2017 07:26:38 UTC