Re: please come with some term other than "browse-by Web"

Thanks Mike.  I certainly appreciate your feedback.  I think we'd like
to say that the context in which these APIs are available is part of
the Web, thereby using an inclusive definition of the Web similar in
the "one web" spirit.

Maybe we should speak in terms of "browsing interactions," so we might
say that these APIs aren't safe in the context of browsing the web,
but might be safe in other modes of interacting with the web.

(Detailed responses inline.)

Adam


On Thu, May 31, 2012 at 11:29 AM, Michael[tm] Smith <mike@w3.org> wrote:
> Adam Barth <w3c@adambarth.com>, 2012-05-29 10:33 -0700:
>> I'm not sure I quite understand the motivation behind your email.  Is
>> there something wrong with the term?
>
> Don't want to beat this into the ground man, and I'm not saying it's
> "wrong". It's just that it's not in common use, and it's opaque. And it
> seems like for whatever reason it's trying to explain the scope of this new
> work in terms of what it's not instead of in terms of what it is.
>
>> As far as I know, it's a new term, but the need for the term is also new.
>> The intent is to distinguish between the usual browser execution model
>> (and its security model and social customs) and the execution model we're
>> discussing in this working group.
>
> The usual browser execution model is what people are already familiar with,
> and this new thing is something that people are not familiar with. Or to
> put it in other words, the "browse-by Web" is what all of us already just
> know as "the Web", period. And this new stuff is not something that most
> people think as being part of the Web. So maybe it'd be better to make it
> really clear that it's not. Maybe call it the "off-Web". Or something.

Rather than excluding these new contexts from being part of the Web,
the goal was to have the Web be an inclusive term.  I wouldn't want to
say that apps that use these APIs are off-Web, they're just a part of
the Web with higher security requirements, the same way that device
drivers in your kernel have higher security requirements than
user-land programs in Unix.

>> The idea is that the "browse-by" web consists of content that's safe
>> for users to casually visit in their browsers without worrying too
>> much about the security consequences.
>
> I understand the distinction you're making, but geez, incidentally, that's
> a really odd sentence. Especially coming from you. For a guy who's one of
> the handful of acknowledged experts in this particular area to be talking
> about an environment where users casually visit content without worrying
> too much about security...
>
> I would think in general we want to encourage users to worry more, not less.

Quite the opposite.  I think we'd all like the web to be a safe place
where users can go about their business free of worry.  Causing the
billions of people who use the web to worry more certainly isn't the
goal of security (although it might be the goal of some security
consultants who sell their services using fear).

>> It's meant to invoke connotations of "just browsin' by", the way one
>> might take a casual stroll in a mall and browse through the shops.
>
> As far as wording goes, that sounds more like window shopping. "browse by"
> connotes something more like "drive by". To me at least.

Maybe the "by" is the problematic part.  If we speak about browsing
the web versus other ways of interacting with the web, we can lose the
connection with drive-by shootings.  :)

>> By contrast, many of the APIs we plan to discuss in this group are not
>> safe in the usual browser execution model, and users who are just
>> casually "browsing by" ought not to be ambushed by content seeking to
>> use these APIs.
>
> So it seems to me at least the place where those APIs are exposed is
> clearly not "the Web". Not as any of us know it now. It's some other place.
> So I think there'd be some benefit in making it crystal clear it's not the
> Web, and it'd be better to call it the "off Web" or something.

Why isn't it part of the web?  I guess that question hinges on
semantics, and maybe isn't overly meaningful.

>> Instead, the idea is to have surrounding social customs more like what's
>> currently used by native apps on mobile phones, where there's some sort of
>> store that contains reputation information and an explicit install /
>> uninstall process.
>
> FWIW, (and again incidentally) I think most users are way too much trusting
> of that model. They simply click through all the prompts that tell them
> stuff like, "This native app essentially has a keylogger that can record
> every single thing you type and use that data for whatever the people who
> made it want to do with that data."

Yes, that's a real problem.

> You obviously know way more than me about this area, but naively speaking,
> it doesn't seem to be that trust model is such a great one to build on
> further without some other effort to prevent users from inadvertently
> agreeing to expose all kinds of private data that they really would not be
> agreeing to expose if they actually understood what was happening.

I think that's why folks on this list are quite interested in the
security model deliverable.  We have some ideas to contribute in this
area that might help, although we obviously don't have a silver
bullet.

>> The main difference in "feel" between these two cases is that the
>> latter doesn't feel like "browsing".  It's of course all part of the
>> Web, and the content itself might well have HTTP URLs and be hosted on
>> servers, for example, but users don't arrive at the content by
>> browsing.  Hence the term "browse by" to refer to the existing model.
>
> I understand but I still think the term is opaque and counter-productive.
> Instead of trying to coin a term to re-describe the existing model (the
> Web), I think you'd be way better off coining a term to describe this new
> model -- the "off Web" or whatever.
>
> Anyway, I'm not trying to block anything. I'm trying to give some hopefully
> constructive feedback at this relatively early stage of this new thing. As
> with all the other stuff we do, you all are the ones doing the actual work
> on this, so just take my comments for what they're worth to you.

Your comments are very helpful.  We've been talking about these ideas
among ourselves for a while now, so it's good to hear a fresh
perspective.  My sense is that many other folks will react similarly
to you, so it's likely something worth improving.

Thanks,
Adam

Received on Thursday, 31 May 2012 19:06:47 UTC