- From: Jeffrey Yasskin <jyasskin@google.com>
- Date: Wed, 1 Apr 2015 13:09:41 -0700
- To: "Nilsson, Claes1" <Claes1.Nilsson@sonymobile.com>
- Cc: "public-sysapps@w3.org" <public-sysapps@w3.org>, public-webapps <public-webapps@w3.org>, Device APIs Working Group <public-device-apis@w3.org>, Domenic Denicola <domenic@domenicdenicola.com>, "slightlyoff@chromium.org" <slightlyoff@chromium.org>
- Message-ID: <CANh-dX=80Yba5YpD3g47-ZoKRB2bTsDhaRecL=kmuTM9rXCMcw@mail.gmail.com>
Hi all. You've mistakenly cc'ed my father on this thread. Here's my address. On Wed, Apr 1, 2015 at 2:22 AM, Nilsson, Claes1 < Claes1.Nilsson@sonymobile.com> wrote: > Hi all, > > > > Related to the recent mail thread about the SysApps WG and its > deliverables I would like to make a report of the status of the TCP and UDP > Socket API, http://www.w3.org/2012/sysapps/tcp-udp-sockets/. > > > > Note that this specification is still being worked on. Latest merged PR > was March 30. I think it is time for a new Public Working Draft. > > > > This API is used to send and receive data over the network using TCP or > UDP. > > Examples of use cases for the API are: > > - An email client which communicates with SMTP, POP3 and IMAP servers > - An irc client which communicates with irc servers > - Implementing an ssh app > - Communicating with existing consumer hardware, like internet > connected TVs > - Game servers > - Peer-to-peer applications > - Local network multicast service discovery, e.g. UPnP/SSDP and mDNS > > > > The TCP and UDP Socket API is a phase 1 deliverable of the SysApps WG. > SysApps was originally chartered to provide a runtime and security model so > that it would be possible to open up sensitive APIs to SysApps enabled > runtimes. Accordingly, it was assumed that the TCP and UDP Socket API would > be exposed to such a “trusted runtime”. Looking at existing TCP and UDP > Socket APIs they are implemented in proprietary web runtimes, FFOS and > Chrome, which provide a security model for installed packaged web runtimes. > > > > Today we can conclude that it has not been possible to standardize a > runtime and security model in SysApps. However, there still seems to be an > interest in the TCP and UDP Socket API, at least from individuals at Google > and Mozilla. For example, there has been extensive work, supported by > Google, to adapt this API to the Streams API specification, > https://streams.spec.whatwg.org/. > > > > To meet the issue that we don’t have a standardized secure “web system > applications” runtime and that the current open web browser sandbox is not > secure enough for this kind of API (but the security features are evolving > through the Web Application Security Working Group) I recently added > “permission methods”, partly inspired by the W3C Push API. A webapp could > for example request permission to create a TCP connection to a certain > host. The ambition is to isolate the permission system from the socket > interfaces specifications and the manner in which permission to use this > API is given differs depending on the type of web runtime the API is > implemented in. For example, a web runtime for secure installed web > applications may be able to open up this API so that no explicit user > content is needed, while an implementation in a web browser may use a > combination of web security mechanisms, such as secure transport (https:), > content security policies (CSP), signed manifest, certificate pinning, and > user consent to open up the API. > > > > If SysApps WG is closed and the scope of W3C is limited to APIs that could > be exposed the “normal browser context” (which is evolving, once again > referring to Web Apps Sec WG) a new home for this API could be the Device > API WG. A Community Group, similar to what we have for Web Bluetooth and > NFC, would also be a possibility. > > > > WDYT? > > > > Lastly, if there is a decision to continue to work on this API I can > remain as main editor. However, I can currently not commit to more > extensive tasks such as implementation and test cases. > > > > Best regards > > Claes > > > > > > *Claes Nilsson* > > Master Engineer - Web Research > > Advanced Application Lab, Technology > > > > *Sony Mobile Communications* > > Tel: +46 70 55 66 878 > > claes1.nilsson@sonymobile.com <Firstname.Lastname@sonymobile.com> > > > > sonymobile.com > > > > [image: Sony logotype_23px height_Email_144dpi] > > >
Attachments
- image/png attachment: image003.png
Received on Wednesday, 1 April 2015 20:10:29 UTC