- From: Nilsson, Claes1 <Claes1.Nilsson@sonymobile.com>
- Date: Tue, 18 Mar 2014 17:26:07 +0100
- To: "'Kostiainen, Anssi'" <anssi.kostiainen@intel.com>, "public-sysapps@w3.org" <public-sysapps@w3.org>
- CC: "Jovanovic, Zoran" <Zoran.Jovanovic@sonymobile.com>, "Isberg, Anders" <Anders.Isberg@sonymobile.com>, "Falk, Mattias" <Mattias.Falk@sonymobile.com>, "Sato, Naoyuki (TDG)" <NaoyukiB.Sato@jp.sony.com>, "Igarashi, Tatsuya" <Tatsuya.Igarashi@jp.sony.com>
Thanks for your reply Anssi, Marcos has fixed a repo, https://github.com/sysapps/app-management/, and the rendered version is here: http://app-management.sysapps.org/. My next step is to rewrite the API to be based on promises. > I think it would be beneficial to a have a bit more elaborate use cases > for this feature early on. Currently, the proposal has the following > three bullets: > > [[ > > Examples of use cases for this API are: > > * Web based marketplace / app installer > * Web based home screen (application dashboard) > * Company portal Regarding a "Web based marketplace / app installer": Compare with Android. Here we have the Google Play app store application, which allows a user to find Android apps and install them. There are also other app stores, e.g. the Amazon Appstore for Android and Nokia Android app store (has been announced). These app stores are installable Android applications. In web app eco-system app stores can be provided as web applications must therefore have access to an Application Management API that for example can be used to install applications as well as list applications that are already installed from this application provider. We are looking on more use cases and will come back with more detailed information. > Would this API be out of the scope for browsers, assuming the > traditional browser security model? > > More specifically, do you see this proposal interacting with the > Manifest (http://w3c.github.io/manifest/)? As I state below the API should only be exposed to content that can be verified as trusted, which is similar as for the other APIs specified by SysApps. If we can consider the traditional browser as trusted if use the already available security mechanisms such as transport layer security, CSP, and so on, is a bigger question that is not unique for this SysApps API. However, I don't think the API can be exposed to a traditional browser based on a "user consent" model for allowing a web app access to the API. The current version of the API has a reference to the Manifest specification. Best regards Claes Claes Nilsson Master Engineer - Web Research Advanced Application Lab, Technology Sony Mobile Communications Tel: +46 70 55 66 878 claes1.nilsson@sonymobile.com sonymobile.com > -----Original Message----- > From: Kostiainen, Anssi [mailto:anssi.kostiainen@intel.com] > Sent: den 13 mars 2014 10:38 > To: Nilsson, Claes1; public-sysapps@w3.org > Cc: Jovanovic, Zoran; Isberg, Anders; Falk, Mattias; Sato, Naoyuki > (TDG); Igarashi, Tatsuya > Subject: Re: Proposal for an Application Management API > > Hi Claes, > > On 03 Mar 2014, at 14:05, Nilsson, Claes1 > <Claes1.Nilsson@sonymobile.com> wrote: > > > In order to open up the possibility to provide web based home > screens/application dashboards web runtimes need to provide some kind > of Application Management API. > > [...] > > I think it would be beneficial to a have a bit more elaborate use cases > for this feature early on. Currently, the proposal has the following > three bullets: > > [[ > > Examples of use cases for this API are: > > * Web based marketplace / app installer > * Web based home screen (application dashboard) > * Company portal > > ]] > > I assume you'll be working on expanding the use cases section first? > With the use cases at hand, the group would be better equipped to > provide feedback. > > > The context in which this API is to be used is a web runtime that > provides some kind of web application installation/bookmarking concept. > Furthermore, as with other SysApps APIs the API should only be exposed > to content that can be verified as trusted. > > Would this API be out of the scope for browsers, assuming the > traditional browser security model? > > More specifically, do you see this proposal interacting with the > Manifest (http://w3c.github.io/manifest/)? > > > Could this API be added to agenda for the April F2F-meeting? > Unfortunately I am not able to travel to the meeting but I will > participate remotely so a morning time slot would be appreciated. > > Having use cases at the meeting would be great. > > Thanks, > > -Anssi
Received on Tuesday, 18 March 2014 16:26:37 UTC