- From: Dominique Hazael-Massieux <dom@w3.org>
- Date: Thu, 07 Mar 2013 11:58:41 +0100
- To: public-closingthegap@w3.org
App stores usually provide some level of confidence to their users that: * apps they get from them will be adapted to their devices (in terms of UI, hardware support, ...) * apps will not harm them (This second point has been debated a number of times, and the level of confidence users should have is obviously dependent on the promises that various apps stores are actually making.) How can the Web provide a similar experience? In terms of adaption of a given Web app to a given device, curation remains obviously a possibility for Web apps store; but the promise of the Web is also that a given Web app should work on as many devices as possible. Obviously increasing interoperability (as Tobie is working on) is a critical piece here, but it is not sufficient either: some Web apps might rely on e.g. specific hardware, and no amount of testing will make a device without an accelerometer report acceleration data. Likewise, a Web developer could make the choice that a given Web app can only be meaningfully used at a given screen resolution, or with a given processing power, and thus want to advertise that limitation (not necessarily imposing it). I don't think that Web apps developers have currently any way to expose this type of requirements (either for Web apps stores sake, search engines sake, or even just browsers sake). The under-discussion manifest format for Web app in sysapps as a "required_features" field that could possibly address this: http://sysapps.github.com/sysapps/proposals/RunTime-Security/Overview.html but it's too early to tell how much of this problem space it will address. Does anyone feel we should put more efforts in this? Regarding security guarantees, for Web-in-the-browser apps, the promise of the Web is that loading a Web app in itself should keep very low the risks of harm. And the technologies we're building are also meant to lower as much as possible the risks that further consent from the user will not expose her too much to harm. For packaged Web apps (as define in the SysApps Working Group), the model is completely different, and very similar to native apps; installing an app is trusting it and granting it additional, potentially dangerous, privileges. Clearly in this case, providing users with a curated list of trustworthy apps is critical. How much is new work is needed on this? From a first look, it sounds like the hooks that SysApps will provide here should be sufficient for building a curation system, but as always, I'm interested in hearing alternative perspectives. Dom
Received on Thursday, 7 March 2013 10:58:52 UTC