- From: Anders Rundgren <anders.rundgren.net@gmail.com>
- Date: Fri, 27 Mar 2015 06:49:21 +0100
- To: "public-web-security@w3.org" <public-web-security@w3.org>

Apparently the W3C SysApps WG is closing without reaching the target of having two independent implementations.

I think this is yet another indication that putting feature-rich system-level APIs in the Web maybe isn't as workable as once thought.

Some people claim that permissions are the solution, but I doubt that they have tried to visualize that on, for example, EMV-payments: "merchant.com wants to access your smart card, do you agree?" would never pass EMV certification.

An obvious work-around is, instead of exposing sensitive low-level APIs to the Open Web, to define a generic solution for EXTERNAL, "web-callable", trusted, packaged, service-oriented subsystems which:

1) are not crippled by SOP
2) offer abstraction so that variances in low-level APIs and architectures don't bother web developers
3) provide UIs that match the specific use-case (service)
4) can be written by third-parties
5) can be standardized when needed

The lack of a standard for this is recognized:
https://lists.w3.org/Archives/Public/public-webappsec/2015Mar/0155.html

A tel-con could be handy at this stage.

Anders

Received on Friday, 27 March 2015 05:49:52 UTC