Re: [manifest] Native API Permissions (#319) from Ben Francis on 2015-03-09 (public-webapps-github@w3.org from March 2015)

From: Ben Francis <notifications@github.com>
Date: Mon, 09 Mar 2015 06:33:30 -0700
To: w3c/manifest <manifest@noreply.github.com>
Message-ID: <w3c/manifest/issues/319/77853364@github.com>

> Or reopen it in the browser :) It's just fancy bookmarking.

I fail to see the point of creating a manifest for a bookmarked start_url which just opens in a browsing context in a browser tab and can be navigated to any URL, it doesn't seem to provide anything that HTML couldn't already provide for that page (application-name, rel=icon etc.), most of the properties become meaningless.

To me the whole point of a web app manifest is to describe a defined URL scope as a web app which can break out of the browser and run standalone on the OS. The manifest describes properties of the web app bounded by that URL scope, rather than just the start URL. In my opinion installing a web app is *not* just bookmarking, it's a way of registering a standalone app in an OS as managing a defined URL scope separately from the browser.

> Yes, that's something that has come up in various contexts - though I don't think anyone has gone as far as to actually enable any such thing. 

They certainly have. Mozilla has implemented this in Firefox on Windows/Mac/Linux/Android [1], Google has done it on Chrome on Windows/Mac/Linux/Chrome OS [2] and Amazon on Fire OS [3].

> It doesn't work, for the reasons mentioned in #272 (many to many relationship).

It does work, mozApps have been using manifest URL to identify apps for the last three years. The question is not whether it works, it's whether multiple vendors agree that web apps should be identified by a manifest URL and whether that should be part of the spec.

A many to many relationship is only possible if the spec says that a many to many relationship is possible. I haven't seen any convincing use cases for this, and in fact it seems nonsensical. A manifest is by definition a document which describes something and is therefore unique to the thing it is describing. Why would you have multiple apps with the same name, icon and start_url?

In order to grant permissions to something you need to identify that thing. URLs work brilliantly as globally unique identifiers, and have the added advantage that they can be used to fetch updated versions of the manifest to change the permissions an app can request in the future if required.

> Well, you can via `requestFullscreen()`, for instance.

requestFullscreen() doesn't let a web page permanently hide the URL bar for a particular URL scope, it just temporarily makes an element fill the whole screen. User agents make it very obvious to the user that the page has made something full screen and allow them to reverse it.

1. https://developer.mozilla.org/en-US/Apps/Build/Manifest#permissions
2. https://developers.google.com/chrome/apps/docs/developers_guide#manifest
3. http://webcache.googleusercontent.com/search?q=cache:_1MAjEFUGGQJ:https://developer.amazon.com/sdk/webapps/manifest.html+&cd=1&hl=en&ct=clnk&gl=uk&client=ubuntu

---
Reply to this email directly or view it on GitHub:
https://github.com/w3c/manifest/issues/319#issuecomment-77853364

Received on Monday, 9 March 2015 13:33:56 UTC