- From: Carr, Wayne <wayne.carr@intel.com>
- Date: Mon, 9 Jul 2012 15:04:36 +0000
- To: "Carr, Wayne" <wayne.carr@intel.com>, Robin Berjon <robin@berjon.com>
- CC: W3C SysApps <public-sysapps@w3.org>
This came up again in the security models. I don't think we need to change the proposed charter - that looks fine. It's something we need to be aware of in thinking about what it is we are trying to accomplish. I think to satisfy everyone we may need more than one security model. One use for these specs is to create systems where Web technologies are the only type of application, or is a primary type of application. There may be no native applications. For this class there cannot be restrictions like not being able to display an image that is retrieved from the web. Another security model that has been suggested is a restricted app model that seems to be aimed at a non-connected app in a sandbox that is stricter than a Web Browser (e.g. can't download an image or download a web page into an iframe). That would seem to supplement some other type of apps that are not defined in this group. If both of those are needed, the solution may be to have a set of models with flexibility about defining permissions to create others between them. >-----Original Message----- >From: Carr, Wayne [mailto:wayne.carr@intel.com] >Sent: Tuesday, June 26, 2012 12:40 PM >To: Robin Berjon >Cc: W3C SysApps >Subject: RE: capability restrictions in the runtime strawman > >There's a difference between removing cruft and removing features altogether, >like no webworkers at all or no downloadable images. > >>-----Original Message----- >>From: Robin Berjon [mailto:robin@berjon.com] >>Sent: Monday, June 25, 2012 10:52 AM >>To: Carr, Wayne >>Cc: W3C SysApps >>Subject: Re: capability restrictions in the runtime strawman >> >>On Jun 25, 2012, at 10:23 , Carr, Wayne wrote: >>>> For instance, the ability to load remote scripts into a secure >>>> context creates interesting security issues. Should it be disabled, >>>> or should developers who rely on that for trusted apps just be made >>>> to dress up as Barney the Dinosaur for the following three months? >>>> If remote scripts are verboten, should the same be done to images? >>> >>> It would seem odd that standalone apps that are the html5 equivalent >>> of >>"native" apps wouldn't even be able to do the equivalent of what a Web >>page can do. There can be the same kind of policy as CSP to set where >>resources can come from, set at install time. >> >>I don't want to argue either side at this point, but I think it is >>useful to take a step back and think about how you might want to frame >>this. If you think of it as removing features then it may indeed seem >>strange; but if you think of it as removing cruft (to pick a word that >>keeps this list family-friendly) such as Adam's synchronous XHR examples then it >might seem like progress. >> >>But again, that decision isn't to be made now — at this point I just >>encourage you all to take the time to think about the issue (and of >>course discuss it here to your hearts' content). >> >>-- >>Robin Berjon - http://berjon.com/ - @robinberjon >>
Received on Monday, 9 July 2012 15:05:10 UTC