Hi Anders,
Following an initial review from the TAG the decision was made to assemble
some concrete use cases enabled by this feature.
Also, Google are going to be doing some UX research.
The biggest challenge, as I understand it, is demonstrating the ability of
browsers to implement this feature in a way that is not easily phishable.
i.e. Can we be certain that malicious websites aren't able to render
something that appears to be a secure modal (but is just web content) and
convince users to enter their login/payment credentials?
Adrian
On Mon, 27 Jan 2020 at 09:48, Anders Rundgren <anders.rundgren.net@gmail.com>
wrote:
> Hi Adrian & WG,
>
> What is the current state of this proposal?
> https://github.com/adrianhopebailie/modal-window/blob/master/explainer.md
>
> Years ago, I suggested that we need a "mechanism" to deal with "breaking"
> SOP in a more universal way where an application served as a "moderator".
> The Modal Window could be that solution for "pure" Web applications (for
> Web2Native applications, PaymentRequest as implemented in Android[*] is a
> pretty good "emulation" of what I once requested).
>
> This could have a huge number of quite different applications so it
> doesn't seem to be a suitable work item for the Payment WG. BTW, I don't
> see how you actually could restrict the Modal Window feature to only work
> with payment applications (unless the Window UI is cast in stone which
> would be very bad). My use of PaymentRequest for Android seems to support
> that statement.
>
> Thanx,
> Anders
> *] https://cyberphone.github.io/doc/web/calling-apps-from-the-web.pdf
>
>