- From: Nathan <nathan@webr3.org>
- Date: Wed, 08 Sep 2010 17:27:20 +0100
- To: "Nilsson, Claes1" <Claes1.Nilsson@sonyericsson.com>
- CC: "Frederick.Hirsch@nokia.com" <Frederick.Hirsch@nokia.com>, "public-device-apis@w3.org" <public-device-apis@w3.org>
Hi Claes, I think the main thing that's missing from the proposal is context :) With the advent of client side persistence solutions and ever increasing device/browser capabilities, it's now possible to make 100% client side js applications which run in the browser, everything from small games and micro-blog clients right up to full document/image editors. There is a strong shift in this direction from many corners of the web. Currently application developers can choose between: (1) hosting the client side application on a 'website'. (2) creating a vendor specific 'extension'. When really, what we all want/need is to be able to 'install' an application which runs in the main browser context (i.e. can be used off line, can be packaged as an application, can be signed, can contain an access request policy). You might think of this as cross between a Mozilla Prism, browser extensions, widgets and traditional web applications. Universal web applications that can run on any device. To my untrained eye, it appears that virtually everything needed to take a series of scripts & resources and wrap them up in a manner similar to extensions is already spec'd out in the various widget specifications. Everything needed to run the applications universally is already provided by any user agent on any device that implements js/html/web-apps/device apis. Thus, the suggestion to scope using the widgets specifications as a way to package all this up and give the world universal web applications which run on any device and provided the needed packaging/signing/access-request/update side of things. Best, Nathan Nilsson, Claes1 wrote: > Hi, > > Assuming I don't misunderstand the proposal/questions I would say: > > * WARP: Might work for main browser context? > > * Digital Signatures for Widgets: I guess that using "Digital Signatures for Widgets" for normal web application running in the browser wouldn't work as this specification assumes signing of an installed package. For web applications running in main browser context the corresponding specification is xmldsig (http://www.w3.org/TR/xmldsig-core/), that makes it possible to sign defined parts of web content. However, as far as I know this specification has not been much implemented as it is considered complicated. Don't know any details. > > * Widgets Update: Don't see the meaning of this for browser context as this specification assumes an installed package. > > Regards > Claes > >> -----Original Message----- >> From: public-device-apis-request@w3.org [mailto:public-device-apis- >> request@w3.org] On Behalf Of Frederick.Hirsch@nokia.com >> Sent: den 7 september 2010 20:24 >> To: public-device-apis@w3.org >> Cc: Frederick.Hirsch@nokia.com; nathan@webr3.org >> Subject: Fwd: Widgets - WARP, Widgets Updates and Digital Signatures >> >> Forwarding with permission . >> >> What do you think of this approach? >> >> regards, Frederick >> >> Frederick Hirsch >> Nokia >> >> >> >> Begin forwarded message: >> >>> From: ext Nathan <nathan@webr3.org> >>> Date: September 3, 2010 1:52:26 PM EDT >>> To: public-webapps <public-webapps@w3.org> >>> Subject: Widgets - WARP, Widgets Updates and Digital Signatures >>> Reply-To: "nathan@webr3.org" <nathan@webr3.org> >>> >>> Hi All, >>> >>> Simply wondering why WARP, Widgets Updates and Digital Signatures >> aren't >>> used to deploy js applications which run in the main browser context? >>> seems like a nice solution that would work webscale, and which would >>> provide further user security, identification of trusted apps and >> cover >>> the other half of CORS which is informing and protecting the user. >>> >>> Perhaps one of the vendors has already implemented in the main >> context? >>> Best, >>> >>> Nathan >>> > > >
Received on Wednesday, 8 September 2010 16:28:24 UTC