W3C home > Mailing lists > Public > public-webapps@w3.org > January to March 2012

Re: Installing web apps

From: Bronislav Klučka <Bronislav.Klucka@bauglir.com>
Date: Wed, 08 Feb 2012 15:19:05 +0100
Message-ID: <4F328459.1090108@bauglir.com>
To: Scott Wilson <scott.bradley.wilson@gmail.com>
CC: public-webapps@w3.org

On 8.2.2012 14:25, Scott Wilson wrote:
>> Hi
>> just let me quote from this thread
>> -------------------------------------------------
>> Tim Berners-Lee:
>>   There of course places where XHR is used and there is no
>>   cross-sitescripting security needed
>>   1)  in a browser extension
>>   2)  in node.js code trusted apps
>> Ian Hickson:
>>   These aren't the Web, so they're probably out of scope of the CORS and XHR
>>   specs, but Anne can comment if he disagrees.
>> -------------------------------------------------
>> you are one step ahead, firt we need to define, what we want, whether we want web platform (remote access to some data and sometimes being able to manipulate those data with very limited set of APIs) or whether we want actual multi-platform application framework with browser as run-time environment, because there is still a lot of missing and there is apparently disagreement about what should be govern by w3c/whatwg. I'm all for the second option: full programming environment. But that is the first here (and with MS extensions to JS APIs in Metro applications...). And without any distinction between whether the app run locally or whether the UI and data are accessed remotely or any possible combination of UI and data access mechanism.
>> And the question of granting rights seems to be fairly decided here, everything potentially dangerous has to be granted by user (e.g. FileSystem API, GeoLocation), and if UA can provide more granular way of managing data and rights (not "remove browsing data" and suddenly everything for every page is gone), we can stick with this principle: HTML, CSS, basic JS is fine... anything else must be granted.
> Right, and so far we haven't had a generic model for how that is done, instead individual specs have had to define it (as in your examples).
> WebIntents potentially offers a generic model for apps requesting data while keeping the user in the loop, and one that would work both for websites/hosted apps/normal apps and widgets/installed apps/system apps.

WebIntents rather not... Those are about registering services to perform 
some common tasks. That is fine for clearly defined data and actions 
(and shared communication among two full fully-fledged application)... 
but way to high level. It takes time to put low level functionality 
together to make things work, but you can do a lot... (and there are 
always libraries for most common tasks). But with high level APIs? no 
way to bend those.
I ment something like
constructor FileAccess(String path)
   onendload(event with cause of end (success or some error) and Blob 
object )
where path in constructor can be HTTP address, FTP address, local 
address (c:\path\myfile.txt)
of course based on privileges on local side, on server side (based on 
used address)

but as low level as possible and as generic as possible (exactly the 
same functionality locally, remotely).

But we have strayed away a little bit  :)

Received on Wednesday, 8 February 2012 14:22:05 UTC

This archive was generated by hypermail 2.3.1 : Friday, 27 October 2017 07:26:38 UTC