- From: Jonas Sicking <jonas@sicking.cc>
- Date: Tue, 29 Jan 2013 02:29:20 -0800
- To: Wonsuk Lee <wonsuk11.lee@samsung.com>
- Cc: public-sysapps@w3.org
On Mon, Jan 28, 2013 at 4:18 PM, Wonsuk Lee <wonsuk11.lee@samsung.com> wrote: > Hi. Colleagues. > > So far we had three proposals[1][2][3] for execution model and security > model from Oxford, Mozilla and Samsung electronics. Conceptually large parts > of Mozilla and Samsung’s proposals are overlapped, so I would like to ask > the editors of these proposals to merge as a one proposal. Comparing the Samsung and Mozilla specifications, the main differences seem to be: * The Samsung specification doesn't define a delivery format, but rather leaves that up to other specifications. * The APIs for installing/uninstalling/updating apps are different. The feature set of the Mozilla API appears to be a superset of the feature set of the Samsung API. For example it supports more fine-grained control over updates. * The Samsung API for Application objects supports managing application visibility and has a few more events for application life cycle (launch/pause/resume). * The Mozilla API for Application objects has more support for delivery format integration, for example though the manifest property. * The security model in both drafts are very vaguely defined :-) Especially defining the details around signing is missing from both specifications. * The Mozilla specification contains System Messages. * The Samsung specification contains service pages (which I've yet to fully read up on, but they seem to serve a similar goal to system messages) While I think we could use write the delivery format as a separate specification, I think we need to have a defined delivery format. Both because having an interoperable delivery format is required in order to have interoperable implementations, and because the different delivery formats have different capabilities and so affects what features we design for the runtime. For example, only the Mozilla delivery formats support system messages, and so it doesn't make sense to define system messages in the runtime if the delivery format doesn't support them. So I'm happy to explore breaking out the delivery mechanism out of the runtime spec, but only once we have an agreed upon delivery mechanism and published working draft for it. Would it be acceptable to you to add the features from the Samsung specification that are missing in the Mozilla specification and use that as basis for FPWD? In particular we'd need to add: * Events for application life cycle. These would likely have to be added to the ApplicationManagement interface in the mozilla draft since the Application object is accessible to other sites than the application itself. * API for managing showing/hiding an application. This would leave figuring out service pages vs. system messages, but that might not need to hold up the FPWD? I think Google has something similar to service pages too in their runtime so it's something I'm happy to look into more. > In addition, concerning to security model, we had proposal from John Lyle of > Oxford. So I think it would be great if this is harmonized with security > part of merged one. What do you think? The document from John Lyle seems more like a requirements document, than an actual specification for a security model. So I think it's fine to keep as a separate document that we can develop separately and use to evaluate the security model of the various drafts for the security model as we go. / Jonas
Received on Tuesday, 29 January 2013 10:30:18 UTC