W3C home > Mailing lists > Public > public-web-security@w3.org > October 2014

[WebCrypto.Next] Installable Security Applications - Maybe Not

From: Anders Rundgren <anders.rundgren.net@gmail.com>
Date: Fri, 31 Oct 2014 08:42:53 +0100
Message-ID: <54533D7D.9090207@gmail.com>
To: "public-web-security@w3.org" <public-web-security@w3.org>
On a 50000 ft altitude installable secure web applications sounds like a cool idea.

If you OTOH look at the current landscape for security applications like mobile banking
they are to 99% built on "App" technology rather than the web.

IMO, this won't change because app-environments like Android and iOS are
developed at a much higher speed than the web.

Spending EONs of time creating standardized installable security-oriented web-apps
and associated APIs is therefore only a waste of time.  The makers of "WebOSes"
like Mozilla and Tizen probably gain more by creating proprietary "web-APIs".

A generic TEE interface which has been suggested by GlobalPlatform is an example
of a thing that would fit the description above.

That does [absolutely] not mean that all is doom and gloom, it only means that future
W3C work like WebCrypto.Next should continue building on the "open web" and leave
stuff needing app-stores, user installations and vetting to the OS-vendors to cater for.
They already do that with for example Apple Pay, Google Wallet and the Mozilla SE-API.

Just my 2 öres (nowadays 2 centimes).

- Anders
Received on Friday, 31 October 2014 07:43:39 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:09:33 UTC