- From: Kostiainen, Anssi <anssi.kostiainen@intel.com>
- Date: Thu, 16 Jan 2014 10:12:52 +0000
- To: Dave Raggett <dsr@w3.org>
- CC: "public-sysapps@w3.org" <public-sysapps@w3.org>
Hi, On 10 Jan 2014, at 20:46, Dave Raggett <dsr@w3.org> wrote: > I have been asked to explore the potential for holding a W3C workshop focusing on web applications, the role of standards for system APIs, and what's needed to support open marketplaces for web applications, e.g. for ease of discoverability, trust models and so forth. The workshop would be an opportunity to bring together people from different projects and to share experiences, and discuss use cases and areas where further work is needed? Dave - thanks for the heads up. Personally, I think it may be beneficial to formulate the problem statement a bit differently, more tightly perhaps. As Marcos pointed out, the industry has tried to solve the outlined problems for quite some time. These are hard problems, especially if we try to address them in their entirety. While we have been doing good progress in certain areas, I think it is fair to say we must embrace the prevalent permission, security, and trust models of the Web and build upon them to get the benefits of the Web too. Good things like universal access, discoverability through search engines, and an ability to share and discover content through plain old URLs without the middleman, for example. That said, I feel there’s an opportunity to make progress on some topics that could be in scope for the workshop: * How to gradually build trust when a user is having a conversation with a web resource, mediated by the User Agent? In abstract this is pretty similar to how humans interact with each other when they build trust relationships. Trust builds over time. You do not give your keys to a stranger you just met, but you probably happily tell your first name, for example. How this relates to the Web? Perhaps a user who has bookmarked a site trusts it a bit more than a site that she has not bookmarked? Or if a user visits a particular site every day, she may trust the site more. Or if other people she relates to do the same (reputation system). This should work both ways, and a site may lose a user’s trust as well. * We have a set of trust gestures built in to the platform such as bookmarking, uploading a file using the file picker, and drag and drop. I think it is important to ensure we understand and use these implicit permissions grants where appropriate instead of inventing new ones. The good old writeup by Robert O’Callahan at [1] is still relevant. Also the Mozilla’s position paper [2] from a 2008 workshop gives historical background from the time when the Geolocation API was the new thing. To sum up, exposing more powerful APIs to the platform is not inherently bad. But if such APIs are only exposed to a subset of the Web (e.g. content distributed through often curated marketplaces), it is certainly not optimal considering the long-term health of the Web. We must ensure we evolve the Web as a whole, without boundaries. I feel that understanding, evolving, and building atop the permission, security and trust models *of the Web* is the crux. > What do you think? Should W3C be seeking to put a spotlight on web apps and web-based OSes? Having a workshop — assuming we do not revisit the problems we have tried to solve multiple times before without great success -- sounds like a good idea. Thanks, -Anssi [1] http://robert.ocallahan.org/2011/06/permissions-for-web-applications_30.html [2] http://www.w3.org/2008/security-ws/papers/mozilla.html
Received on Thursday, 16 January 2014 10:13:31 UTC