Re: Making Web Apps first class citizen from Robin Berjon on 2013-03-11 (public-closingthegap@w3.org from March 2013)

From: Robin Berjon <robin@w3.org>
Date: Mon, 11 Mar 2013 12:20:04 +0100
To: Tobie Langel <tobie@w3.org>
CC: Dominique Hazael-Massieux <dom@w3.org>, Frederick.Hirsch@nokia.com, public-closingthegap@w3.org
Message-ID: <513DBDE4.8000403@w3.org>

On 08/03/2013 17:01 , Tobie Langel wrote:
> Where some see this as a weakness, others see this as a feature. On
> mobile devices typing passwords is tedious. For the user, seamlessly
> navigating from in-app web views to the browser and back is critical
> to a good user experience.

I would contend that passwords are tedious on any platform. They're also 
a classic security issue as they encourage people to reuse the same ones 
over and over again — with mobile only making this worse.

We need to standardise on something like BrowserID, and we need to do it 
yesterday.

> On native, this experience is terrible. For example, it is common
> that I receive an email notification that someone posted something I
> care about on Facebook. I click the link from my native mail client.
> This opens up the browser. I'm not logged in to Facebook on the
> browser, so I now manually navigate to the FB app. I go through the
> notifications there, find the one I care about. Click on it. I'm
> taken to the relevant part of the FB app, only to find out this was
> actually a tweet. So I click on it. I'm now within the in-app browser
> of the Facebook app, in Twitter. I want to reply. I'm of course not
> logged in to Twitter there. So I open up the link in the browser,
> where I hope to be logged in to Twitter.

So, a big part of the issue you're seeing there is that you're using 
iOS. I don't mean this as a jab, it really is an architectural weakness. 
The flow you describe is far more sensible on any platform that has 
something like intents and URL interception.

> In a world of web apps sharing cookie jars, this whole experience
> could be resumed to: get a notification on my web mail client.
> Navigate to the link in the Facebook app. Click on the link to
> twitter. Hit reply. Done.

You need more than shared cookie jars for this. You want links to a 
given origin to be interceptable by an installed application from that 
origin.

Shared cookie jars are annoying. I want to stay logged into my Twitter 
client but I don't want to send identifying cookies on every site that 
features a "Tweet this" button. We have simple solutions that are 
superior, and we should use them.

-- 
Robin Berjon - http://berjon.com/ - @robinberjon

Received on Monday, 11 March 2013 11:20:16 UTC