Re: Privileged and certified-level app, was Re: Clarity over direction of work on runtime and security model? from Dave Raggett on 2013-10-04 (public-sysapps@w3.org from October 2013)

From: Dave Raggett <dsr@w3.org>
Date: Fri, 04 Oct 2013 13:51:56 +0100
To: "Kostiainen, Anssi" <anssi.kostiainen@intel.com>
CC: Marcos Caceres <w3c@marcosc.com>, "public-sysapps@w3.org" <public-sysapps@w3.org>, Claes1 Nilsson <Claes1.Nilsson@sonymobile.com>, Kenneth Rohde Christiansen <kenneth.christiansen@gmail.com>, Anders Isberg <Anders.Isberg@sonymobile.com>
Message-ID: <524EB9EC.5040107@w3.org>

On 04/10/13 12:32, Kostiainen, Anssi wrote:
> By "this work" I referred to ServiceWorkers. Sorry, if that was unclear.

Thanks. Do we have a pointer to ServiceWorkers? This is related to Web 
Workers (currently in CR) as standardized by the WebApps WG, right?

I understand the need for apps that run for extended periods of time, 
e.g. whenever a device is powered up. Such apps may run in the 
background, akin to Android services.

>> If we see a need for rechartering, fine, but there is a definite
>> cost to doing it. Can we clarify where the current charter is
>> insufficient?

> Based on the recent discussion on the list, it seems the group may
> want to re-evaluate the expectations set for the "Execution Model"
> and "Security Model". Specifically, the current charter uses wording
> such as "how XXX differs from the traditional browser-based XXX".
> However, I'm hearing diverging too far from the current browser-based
> model may not be what the group wants.

This is indeed confusing. Ordinary apps need to be executed in the 
regular browser security context, and the browser limits access to the 
device capabilities. This is where the DAP WG APIs fit in.

SysApps was chartered for situations where apps need richer access, 
analogous to the capabilities available to native apps on Android. Such 
apps are trusted in this way either because they were pre-installed or 
have been signed by a trusted party that vouches for them. This is 
independent of whether the apps resources are locally saved at install 
time or dynamically loaded at run time. Permissions may be granted at 
install time, or at run-time as appropriate.

If I have it right, we envisage a need for a persistent service akin to 
Android services, and based upon Web Workers. These could be trusted 
"system" services, or untrusted services with very restricted access to 
device capabilities. I think this still fits within the SysApps charter, 
as it is essentially about the run-time model. Web Workers clearly 
belong to Web Apps WG, but perhaps all we need is a complementary spec 
that deals with the additional requirements for system level services.

> It could be this does not require rechartering at all, just
> clarifying the goals and the scope without rechartering formally.

We could provide clarification on the SysApps home page, with additional 
background on the wiki, or even produce a Working Group Note that sets 
out the assumptions clearly.

Best regards,
-- 
Dave Raggett <dsr@w3.org> http://www.w3.org/People/Raggett

Received on Friday, 4 October 2013 12:52:31 UTC