- From: Anders Rundgren <anders.rundgren.net@gmail.com>
- Date: Wed, 26 Nov 2014 09:47:54 +0100
- To: sysapps <public-sysapps@w3.org>
Dear List, Since the SysApps runtime model still seems to be incomplete or missing (?), I take the liberty outlining another model which has grown out of my work with Payments, Identity and Security Tokens. There's obviously a need for locally installed systems applications like telephone dialers but these are IMO just like other "Apps" and I have nothing to add here. So quickly over to something completely different... Let's say that you wanted to have a phone call utility on a customer support web-page. This is already available but through proprietary solutions, right? This could be done in a portable fashion through a hosted SysApp created as an IFRAME and then embedded by the customer support web-page. That is, the UA would still consider the code as trusted but it would also be able to communicate through postMessage() which is much nicer than web-intents (which BTW appears to have died somewhere down the road...). For payments this would be even more useful since a local wallet like Apple Pay doesn't really work on the web. A hosted, transiently downloaded wallet would security-wise be identical to the same wallet application locally installed, while still being embedded by a untrusted merchant application. The upper part of the WebCrypto++ specification illustrated on http://webpki.org/papers/PKI/pki-webcrypto.pdf#page=2 shows how the hosting, packaging and application isolation would be architected. However, unlike WebCrypto++, the signature must now be trusted by the *platform*. If this is actually working, it could give the web a well-deserved push forward; right now the battle between native and web appears to be rather uneven. Even if you are not interested in payments, you may using a recent Chrome (or Firefox/Beta), try the following semi-mockup/demo which hi-lites the potential of hosted, embedded and locally trusted apps that also aren't being crippled by SOP: https://mobilepki.org/WebCryptoPlusPlus Thoughts? Cheers, Anders R
Received on Wednesday, 26 November 2014 08:48:28 UTC