- From: Jeremy Orlow <jorlow@chromium.org>
- Date: Thu, 19 Nov 2009 12:09:08 +0000
- To: Robin Berjon <robin@berjon.com>
- Cc: public-device-apis@w3.org, public-webapps WG <public-webapps@w3.org>
- Message-ID: <5dd9e5c50911190409j105ada48w3a5837a948664de0@mail.gmail.com>
On Thu, Nov 19, 2009 at 11:24 AM, Robin Berjon <robin@berjon.com> wrote: > Whoa. > > I believe that the original renaming of the thread intended to clarify the > DAP's mission and stance on security, but we've devolved again into more > muddied up discussion, so I'd like to take a second stab at clarifying the > landscape. > > One, DAP *will* handle security. I think everyone's on the same page on > that one now. > > Second, DAP APIs are fully intended to be able to run in a browser context. > I believe that there may have been unfortunate misunderstandings, but the > fact of the matter is that APIs not supported by default in browsers will be > considered a failure. Is this practical without the major browsers being part of the DAP WG? (Last time I checked, there were some absences.) > I think that some of the confusion about the fact that these would > necessarily have to follow a security model that works inside a browser > stems from the fact that people (including myself) have repeatedly stated > that they wanted authors to have the same APIs irrespective of whether they > were running in a browser or in a web runtime used in a different context. > This does *not* mean that the security model will be the same in both > context, I don't understand. If security is baked into APIs from the start (as is a requirement for browsers) and the same API should be used in the "different context", then what need is there for a policy model? The policy model seems to only be applicable when APIs are inherently insecure and trust is required...which is the type of API a browser will not implement. > and indeed since the entry points to said APIs are likely to be different > in each context some part of the APIs may turn out to be different. The > point was that those differences should be minor, and clear to authors. > > Finally, we can all talk about policy and trust in browsers until we're > bluer in the face than a hypothermic smurf the fact of the matter is that I > don't believe that this is a case where discussion can produce consensus. > There are use cases for policy, and solutions for those will be developed at > the very least for the widgets landscape. If it so happens that they yield > interesting innovative stuff that could be useful in browsers, then it'll be > easy to point to it as proof and demo. Far easier than to argue about it, > and it'll happen faster if we create the technology rather than talk about > it :) > > > Speaking of innovation and trust in browsers, it seems that the JetPack > elves are working on some form of social web of trust for browser extensions > — is there a chance that they could chat about it with DAP? > > -- > Robin Berjon - http://berjon.com/ > > > > >
Received on Thursday, 19 November 2009 12:10:02 UTC