Re: [w3ctag/design-reviews] Isolated Web Apps (Issue #842) from Lea Verou on 2023-07-05 (public-webapps-github@w3.org from July 2023)

From: Lea Verou <notifications@github.com>
Date: Wed, 05 Jul 2023 09:02:17 -0700
To: w3ctag/design-reviews <design-reviews@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3ctag/design-reviews/issues/842/1622056417@github.com>

Hi @reillyeon,
  
We looked at this today during our plenary call. First, we do agree that the use cases should be possible to address within the Web Platform itself, but do have some concerns:

1. We are unclear on how this compares to some of the related work on this topic (a lot of which is also listed in the explainer). Given that the use cases presented are all different brands of the same use case (end-to-end encryption for instant messaging) we are a bit concerned about the solution being overfitted to very specific use cases, and having to be redesigned later, as more diverse use cases emerge.
  
Given that this presents an app installation mechanism, we think it's important for it more broadly take the use cases for app installation into account (e.g. installation as a more explicit indication that certain very powerful APIs should be available, where a permissions prompt or user activation is not a sufficient signal). We don't want the Web Platform to end up with several *different* installation mechanisms.
  
2. The explainer mentions signed web bundles, but there is no reference to how signed web bundles would work. Is that in scope for this work? Is it defined somewhere else? How do developers sign these?
  
3. We are unclear on what the user experience looks like from the end-user’s point of view. You mention that this is not a desirable model for most web applications, which implies that the user experience is impacted in some way that makes the trade-off only worth it in security-sensitive applications, but there is no description of what this user experience looks like.
  
4. What’s the upgrade path from a PWA of today into an Isolated Web App? 
  
5. We are concerned about the lack of multistakeholder support. Looking at the [Chrome Status](https://chromestatus.com/feature/5146307550248960) entry, there are no signals from any other stakeholder, not even web developers. If this is going to be a thing we think it's really important to get other stakeholders involved. A W3C workshop or a TAG task force might be an appropriate mechanism to achieve multistakeholder support and to bring in existing related work.

6. We want to note that [Borderless mode](https://github.com/w3ctag/design-reviews/issues/852) has a dependency on this work. We are concerned about going ahead with that before these packaged and signed apps are consensus-based and more stable.
  
Thank you for working with us, and we look forward to your thoughts.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/design-reviews/issues/842#issuecomment-1622056417
You are receiving this because you are subscribed to this thread.

Message ID: <w3ctag/design-reviews/issues/842/1622056417@github.com>

Received on Wednesday, 5 July 2023 16:02:22 UTC