- From: Nathan <nathan@webr3.org>
- Date: Thu, 16 Sep 2010 17:17:33 +0100
- To: marcosc@opera.com
- CC: public-webapps <public-webapps@w3.org>, public-device-apis <public-device-apis@w3.org>
Marcos Caceres wrote: > On Fri, Sep 3, 2010 at 7:52 PM, Nathan <nathan@webr3.org> wrote: >> Hi All, >> >> Simply wondering why WARP, Widgets Updates and Digital Signatures aren't >> used to deploy js applications which run in the main browser context? > > I guess because they all have counterparts on the Web stack: > > WARP is the widget equiv. of XHR 2 + CORS Do WARP and XHR2+CORS not address different issues, where WARP requests access from the user agent to retrieve a network resources, and CORS requests access from the network resources? > Widget Updates is the widget equiv of HTML5 manifest or HTTP expiries. Cool, I follow what you're saying and will spend some time getting up to date on manifests :) > Dig Sig is the equiv. of HTTPS Need to think about that one more, surely one widgets-digsig allows a package to be distributed through multiple channels and is somewhat akin to typical code/application signing solutions on the desktop, whereas HTTP+TLS is just that, message delivery over TLS. >> seems >> like a nice solution that would work webscale, and which would provide >> further user security, identification of trusted apps and cover the other >> half of CORS which is informing and protecting the user. >> >> Perhaps one of the vendors has already implemented in the main context? > > Hope that helps. Indeed it does somewhat, I'd been putting off wrapping my head round manifests so will get up to date, Cheers, Nathan
Received on Thursday, 16 September 2010 16:18:38 UTC