- From: Nilsson, Claes1 <Claes1.Nilsson@sonymobile.com>
- Date: Wed, 2 Apr 2014 12:18:20 +0200
- To: 'Marcos Caceres' <w3c@marcosc.com>, GALINDO Virginie <virginie.galindo@gemalto.com>, "public-sysapps@w3.org" <public-sysapps@w3.org>
> > - The notion of trusted application seemed to be challenged. Where
> > does the WG want to go on that notion?
>
> Personally, I'd like us to keep building on the Web security model.
> Making arbitrary exceptions for packaged apps or changing the security
> model of the Web will lead to fragmentation in the API surface and
> centralization of distribution. We've seen this with all packaged app
> ecosystems that have been built in the last 7 years.
>
> We are beginning to look at the notion of a "trusted application" as
> part of the manifest in Web apps for when a user explicitly decides to
> "install/add-to-homescreen/whatever" a web application. If the
> application meets some predefined criteria (e.g., served over SSL, has
> a Service Worker, etc.), this may grant some additional privileges to
> an application by default (e.g., unrestricted storage, higher priority
> caching etc.)... but we are still at the "research" stage with that.

I think that this is going in the right direction. However, the main issue of API access remains. As mentioned before, which level of security could be done with manifest, TLS/SSL, CORS, CSP? This is something we also are investigating.

BR
Claes

Claes Nilsson
Master Engineer - Web Research
Advanced Application Lab, Technology
Sony Mobile Communications
Tel: +46 70 55 66 878
claes1.nilsson@sonymobile.com
sonymobile.com
Received on Wednesday, 2 April 2014 10:18:52 UTC