Re: Consideration about prevention of Low Level I/F APIs being executed by mistake from Satoru Takagi on 2015-11-20 (public-browserobo@w3.org from November 2015)

From: Satoru Takagi <sa-takagi@kddi.com>
Date: Fri, 20 Nov 2015 09:08:41 +0900
To: tobie@sensors.codespeaks.com, public-browserobo@w3.org
Message-Id: <201511200908.FDB35585.BHTBtUJBL@kddi.com>

Hi, Tobie-san,

Thank you for your comment.

>So this is just an identifier for a particular hardware setup, right?
Yes.

>So this ties a particular hardware setup to a unique origin?
Yes!

Surely it becomes a centralized mechanism, when hardwares (what I called it
the machine to) based on the same blueprint are mass-produced and many
people use it.
On the other hand, on the case where create one-off hardware by oneself and
use it oneself (DIY), it will not be in a centralized situation. Because it
is only one personal individual machine. Probably, on Maker Movement, it
will be nice that such a case is also respected. It is in the situation
where everyone makes different hardwares freely so that everyone make
WebApps freely.

It seems that the present Web has implicit stereotypes on the hardware in
which the browser was implemented. It is PC, smart phone, and tablet. And
some stereotypes which can be enumerated are assumed also on peripherals
added to such hardwares via Bluetooth or USB. Meanwhile, free creation of
the hardware using low level I/F, such as I2C and GPIO, may require the
freedom of the breakaway from such stereotypes. Probably, this is another
viewpoint of openness.

I would like to search for the good mechanism of providing any case with
each openness.

Regards, 

Satoru

> On Thu, Nov 12, 2015, at 03:53, Satoru Takagi wrote:
> > Therefore we imagine the other method as follows:
> > 
> > It is an execution limitation function of API similar to same origin
> > policy combining an identifier with a meaning 
> > such as window.navigator.userAgent.
> 
> So this is just an identifier for a particular hardware setup, right?
> 
> > *The developers make the identifier by the URL corresponding to each
> > machine which they have created. The URL may 
> > have Web of the explanation about the machine. But it is only a URL that
> > is necessary in this mechanism.
> > 
> > *The developers set the URL to window.navigator.userAgent-like readonly
> > attribute of the web runtime embedded in 
> > that machine. This setting should be set as runtime environment.
> 
> > *Low level APIs such as webIGPIO or webI2C shall work only in application
> > software to belong to a domain same as 
> > that URL attribute, unless special setting such as CORS is accomplished.
> 
> So this ties a particular hardware setup to a unique origin?
> 
> This origin would then act like a directory of authorized applications
> by opening them up through CORS. That seems like a very centralized
> solution.
> 
> I feel like a solution similar to how you say USB or Bluetooth works
> might be harder to organize but end up providing a more open (and thus
> more successful) solution.
> 
> Best,
> 
> --tobie
> 
> 
> 
>

Received on Friday, 20 November 2015 00:09:33 UTC