- From: Marcos Caceres <w3c@marcosc.com>
- Date: Mon, 7 Oct 2013 15:27:06 +0100
- To: Nilsson, Claes1 <Claes1.Nilsson@sonymobile.com>
- Cc: Kenneth Rohde Christiansen <kenneth.christiansen@gmail.com>, Dave Raggett <dsr@w3.org>, "public-sysapps@w3.org" <public-sysapps@w3.org>, Isberg, Anders <Anders.Isberg@sonymobile.com>
On Friday, September 27, 2013 at 3:39 PM, Nilsson, Claes1 wrote: > What could we achieve by using a signed manifest in combination with securely transported content? > How does one sign the manifest? What format? > The manifest is signed by the app store and states that the url: https://www.foo.com/myapp is trusted. Content Security Policy is set to script-src 'self'. All script content must come from the same site, i.e. it should not be allowed to load script content from a 3rd party. The problem is that the server can still be hacked (e.g., the hosted app loads an RSS feed or user comments). > With this model the app store can revocate the manifest similar to revocation of packaged app. > The WG does not have a "kill switch" AFAIK. I don't know if anyone even implemented such a thing for W3C widgets in the old days. -- Marcos Caceres
Received on Monday, 7 October 2013 14:27:42 UTC