Re: [manifest] Native API Permissions (#319)

@alxlu wrote:
> We have APIs for hosted apps that would benefit from being able to define how much access each URI has to certain types of APIs in the manifest.

Can you give some examples of APIs you'd like to expose to the web? Perhaps they are APIs we can work towards standardising? Are they things which could safely be exposed to any web page with informed user consent, or would they require some kind of code review and code signing process by a trusted party?

> I like the idea of limiting the resource from which an API can be called, but what about providing the developer more control over this in the manifest?

You might be interested in reading my privileged hosted apps proposal, and the resulting discussion. The idea is to enumerate the resources (with hashes) in the app manifest, and have a trusted party sign the manifest.
https://groups.google.com/forum/#!msg/mozilla.dev.webapi/pCY77YAg_i4/HxS89bvQ7wsJ

There are challenges with this proposal such as what origin the resources would be considered being part of, how updates are handled and how distributed the trusted parties can be.

Another proposal is hosted signed packages https://bugzilla.mozilla.org/show_bug.cgi?id=1036275

This has similar challenges. Input is welcome!

> One of the factors that made us feel it was worthwhile to include permissions in the manifest is that it adds a secondary layer of security.

This is what we did with mozApps too: the permissions in the manifest are not requested at install time; they just limit the maximum permissions which can be requested at run time. Some permissions are granted implicitly simply through the act of "installing", though.

@marcosc wrote:
> We are hoping to kill the whole "hosted app" thing soon (at least from Mozilla's perspective).

I assume by this you mean that all web apps should be hosted apps?

> We don't have app stores on the Web

Actually we do, but we shouldn't need them :)

@alxlu, as Marcos says, an "ms_permissions" property is one way to achieve this and still be standards compliant. But perhaps there are permissions for APIs you need which could be standardised and could justify a standard "permissions" property in the manifest in future?

---
https://github.com/w3c/manifest/issues/319#issuecomment-77366681

Received on Thursday, 5 March 2015 13:53:57 UTC