- From: Marcos Caceres <w3c@marcosc.com>
- Date: Tue, 1 Apr 2014 16:03:49 -0400
- To: POTONNIEE Olivier <olivier.potonniee@gemalto.com>, GALINDO Virginie <virginie.galindo@gemalto.com>, Dave Raggett <dsr@w3.org>
- Cc: Mounir Lamouri <mounir@lamouri.fr>, Wonsuk Lee <wonsuk11.lee@samsung.com>, "public-sysapps@w3.org" <public-sysapps@w3.org>

On April 1, 2014 at 12:30:33 PM, Dave Raggett (dsr@w3.org) wrote:
>
> >> ... there is a general consensus on using a
> >> manifest for the web app's metadata. Browsers can download this along
> >> with the rest of the app's components, avoiding the need for packaging.
>
> There is no interoperable way to do this. The manifest is not
> sufficient, unless we add additional data in it, to download
> the full set of application's resources. What is a "packaged"
> app and how to download it is not specified.
>
> I believe that although there is no detailed agreement on packaged apps,
> there is a shared intention to support hosted apps in an interoperable
> way. I would like to hear more about how the browser determines the
> full set of components to download and cache when "installing" a hosted
> app. My understanding is that the manifest file isn't intended to list
> the app's components. The appcache spec is known to be flawed and it would
> be good to get an update on progress on replacing it.

There are details here:
https://github.com/slightlyoff/ServiceWorker/blob/master/explainer.md

>
> You say:
> >> Apps may be divided up according to whether they have a digital
> >> certificate from a trusted third party.
>
> There is no specification defining how to attach a signature to
> a SysApp (there were widget signatures though, but this is not
> applicable to Sys Apps as is). This is probably something we have
> to address.
>
> It looks like we certainly need a standard way to attach signatures to
> hosted apps, and this presumably is tied up to how the set of app
> components are referenced.

We probably need to describe this problem better - particularly in how it relates to the architecture of the Web. It would be great to not have to go and ask someone for a digital key to be able to access APIs (as this leads to centralization, gate-keeping, and exclusion). We should only do that if all else fails, but it should not be our starting point.

Received on Tuesday, 1 April 2014 20:04:19 UTC