[w3ctag/design-reviews] Isolated Web Apps (Issue #842) from Reilly Grant on 2023-05-06 (public-webapps-github@w3.org from May 2023)

From: Reilly Grant <notifications@github.com>
Date: Fri, 05 May 2023 17:04:52 -0700
To: w3ctag/design-reviews <design-reviews@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3ctag/design-reviews/issues/842@github.com>

こんにちは TAG-さん!

I'm requesting a TAG review of Isolated Web Apps.

This proposal provides a way to build applications using web technologies that will have useful security properties unavailable to normal web pages. To enable stronger security these applications are packaged into Web Bundles, signed by their developer, and distributed to end-users through one or more of the potential methods described in the explainer.

There are two main questions I am looking for answers to from the TAG: 

First, is this proposal architecturally sound on its own?

Second, given the context provided by this proposal, is the TAG interested in reviewing proposals that depend on it? For example, an [earlier TAG review of the Direct Sockets API](https://github.com/w3ctag/design-reviews/issues/548) failed because it was missing effective mitigations for the security concerns. Does the TAG agree that this proposal could provide such mitigations?

  - Explainer¹ (minimally containing user needs and example code): https://github.com/WICG/isolated-web-apps
  - User research: None
  - Security and Privacy self-review²: https://github.com/WICG/isolated-web-apps/blob/main/SecurityPrivacyQuestionnaire.md
  - GitHub repo: https://github.com/WICG/isolated-web-apps
  - Primary contacts:
      - Reilly Grant (@reillyeon), Google
  - Organization/project driving the design: Google
  - External status/issue trackers for this feature: https://chromestatus.com/feature/5146307550248960

Further details:

  - [x] I have reviewed the TAG's [Web Platform Design Principles](https://www.w3.org/TR/design-principles/)
  - The group where the incubation/design work on this is being done (or is intended to be done in the future): Web Incubator Community Group
  - The group where standardization of this work is intended to be done ("unknown" if not known): unknown
  - Existing major pieces of multi-stakeholder review or discussion of this design: None yet
  - Major unresolved issues with or opposition to this design: None yet
  - This work is being funded by: Google

You should also know that...

The explainer for this proposal is divided into 4 documents:
* The [main explainer](https://github.com/WICG/isolated-web-apps/blob/main/README.md) covers the overall goals of the proposal.
* The [scheme explainer](https://github.com/WICG/isolated-web-apps/blob/main/Scheme.md) covers the design of the proposed isolated-app:// scheme.
* The [permissions explainer](https://github.com/WICG/isolated-web-apps/blob/main/Permissions.md) covers an addition to the Web Application Manifest which allows a minimum Permissions Policy to be applied to the entire application.
* The [updates explainer](https://github.com/WICG/isolated-web-apps/blob/main/Updates.md) covers how applications will be updated.

We'd prefer the TAG provide feedback as:

  ☂️ open a single issue in our GitHub repo **for the entire review**

-- 
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/design-reviews/issues/842
You are receiving this because you are subscribed to this thread.

Message ID: <w3ctag/design-reviews/issues/842@github.com>

Received on Saturday, 6 May 2023 00:04:57 UTC