Re: Calling installed SysApps from the [untrusted] web?

On 2014-11-20 13:44, Janusz Majnert wrote:
> We still don't have a Runtime specification, so there's no simple
> answer. I would opt to not allow framing sysapps. They should be
> standalone. Having said that, I'm not sure what the implications of
> using ServiceWorkers-based solution are.

Thanx Janusz,
Maybe I should explain one of the scenarios I had in mind?

Let's say you have an installed payment application (aka "wallet").
How could a merchant interact with that in way that would be comparable
to a wallet that is an intrinsic part of the browser? The reason for
asking is because the latter is clearly on the radar given Apple Pay.

I have personally used the url-protocol-scheme for launching Android
apps and although it sort of works, it also sucks quite a bit.

A possible solution which I have begun thinking about is creating a new
class of hosted IFRAME-based web-applications which may use protected
features but are signed and vetted (for doing the right thing) which can
only communicate through postMessage with embedding, untrusted web-apps.
It would be something like browser-plugin-lite :-)

Regards,
Anders

>
> Instead, I think that sending messages to other apps could be one of
> sysapps APIs (something like intents?).
>
> Regards,
>
> Janusz Majnert
> Senior Software Engineer
> Samsung R&D Institute Poland
> Samsung Electronics
>
> On 12.11.2014 07:56, Anders Rundgren wrote:
>> Pardon for being a n00b but the following is fundamental
>> for the WebCrypto.Next project...
>>
>> Can you call installed (signed and packaged) web-apps from
>> a ordinary hosted web application?  How would they interact?
>> Could you "IFRAME" and postMessage() a sysapp?
>>
>> Cheers,
>> Anders
>>
>>
>

Received on Thursday, 20 November 2014 13:53:23 UTC