- From: Ashley (Scirra) <notifications@github.com>
- Date: Tue, 27 Feb 2018 10:21:28 +0000 (UTC)
- To: w3c/manifest <manifest@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
- Message-ID: <w3c/manifest/issues/626/368821322@github.com>
I think it's worth pointing out that Microsoft now support PWAs in the Windows Store, with full access to the WinRT APIs. Their approach appears to be reasonably secure and it solves all the problems we have, since the additional API surface exposes everything else we need. A Windows Store app can declare file extension associations in its (equivalent to a) manifest. Upon installing the app, if nothing else claims to use those file extension associations, it automatically applies them. (I think if other apps claim to support them, it adds it to an "Open with" list.) Additional features allow access to the file system, with an interesting permission model that is worth highlighting: - Apps start off with no permission to any files or folders at all, except a few system defaults like the app install directory, and a temp folder for the app. - The app can _only_ access other files by bringing up a "file picker" dialog. If the user chooses a file, the app gains access to _only_ that file. You can't access its folder, see other files in the folder, etc. - The app can also access entire folders by bringing up a "folder picker" dialog. If the user chooses a folder, the app is granted access to the entire contents of that folder (recursively). - In both cases the app is allowed to request to have these permissions remembered. This means the next time the app is launched it can automatically access the files without needing a dialog first. There is a limit to how much can be remembered and I think the platform is allowed to deny remembering the permission for any reason. - The app may perform operations between files like moving and copying, but _only_ within the whitelisted files and folders. (This can involve a bit of refactoring, e.g. you don't automatically have permission to write sibling files in the same folder as another file; you may have to use the temp folder instead.) In other words file system access allows the minimum access possible after a user explicitly selects parts of the file system from UI, with the optional ability to remember this. Hosted web apps in the Windows Store can already do this, and it seems to have passed Microsoft's security review, so it might be a model to consider for the wider web. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3c/manifest/issues/626#issuecomment-368821322
Received on Tuesday, 27 February 2018 10:22:44 UTC