Native messaging document. Re: Minutes of the 2016-10-06 teleconf from Anders Rundgren on 2016-10-06 (public-browserext@w3.org from October 2016)

From: Anders Rundgren <anders.rundgren.net@gmail.com>
Date: Thu, 6 Oct 2016 08:35:48 +0200
To: Florian Rivoal <florian@rivoal.net>, public-browserext@w3.org
Message-ID: <b2d4f398-b0de-b301-4ea1-46f8480e44a6@gmail.com>

On 2016-10-06 06:58, Florian Rivoal wrote:

Thanx, I'm sorry I couldn't participate this time.

I read the native messaging rationale document with interest.
I guess we still have a little bit of a hassle with the architectural
vision but we can leave that to the TAG to think about...

There should probably be another section in this document:

Security Considerations

Currently most browsers permit invocation of specific native applications from the
Web through a URI protocol scheme.

It is not obvious that the ability to "talk back" to an invoking page or extension
would introduce additional vulnerabilities; misbehaving native applications can usually
already send data to any server without (locally implied) restrictions.

Use Cases

When it comes to use-cases I believe the list specified on the first page in
https://cyberphone.github.io/doc/web/web2native-bridge.pdf
is fairly exhaustive.  There's no need using localhost schemes if you
have a working native messaging solution since it (properly designed)
gives better control both to the platform and the application.

WDYT?

Best regards,
Anders

> Minutes of the 2016-10-06 teleconf are available here:
>
> http://browserext.github.io/minutes/2016-10-06.html
>
> If you wish to correct the minutes, please submit a pull request on the CG's github repository: https://github.com/browserext/browserext.github.io
>
> Resolutions taken during teleconfs or face to face meeting are tentative, and have a github issue associated with them. You can find these issues by following the links from the minutes. Comments in these issues are welcome. Resolutions will be considered to be the consensus of the Community Group unless dissenting opinions are expressed within 10 days.
>
> Work on based on tentative resolutions may begin before the 10 days are elapsed, but any such work will be rescinded if the eventual consensus disagrees with the tentative resolution.
>
> Best regards,
> Florian
>

Received on Thursday, 6 October 2016 06:36:19 UTC