Re: [w3ctag/design-reviews] (brand new ✨) Web Install API (Issue #1051) from Marcos Cáceres on 2025-06-05 (public-webapps-github@w3.org from June 2025)

From: Marcos Cáceres <notifications@github.com>
Date: Thu, 05 Jun 2025 03:00:00 -0700
To: w3ctag/design-reviews <design-reviews@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3ctag/design-reviews/issues/1051/2943539903@github.com>

marcoscaceres left a comment (w3ctag/design-reviews#1051)

Hi Diego,

Following our discussion [in the TAG breakout on 24 April ](https://github.com/w3ctag/meetings/blob/gh-pages/2025/telcons/04-21-minutes.md#design-reviews1051-brand-new--web-install-api---torgo-marcoscaceres-agenda), we are closing this review with an Unsatisfied resolution.

We appreciate the work done to revise the proposal and we understand that you believe the new version addresses the concerns we previously raised. As we discussed on the call, the consensus view of the TAG is that the user need and design for same-origin installation is clear, and we are strongly supportive of enabling that functionality. However, we don't feel that the ID override mechanism is necessary, but it's probably something the Web Apps Working Group or implementers should spend time considering. We would like to see same-origin installability deployed and tested in the ecosystem, as we believe it will help to validate the user experience and inform any future work toward cross-origin installability.

If the cross-origin parts of the proposal were separated, this proposal would be "Satisfied with Concern" - the concerns being related to the ids.

However, we remain concerned about the inclusion of cross-origin installation capabilities in this proposal. Those concerns are detailed in our previous feedback on https://github.com/w3ctag/design-reviews/issues/946, and they remain unresolved. In particular, we remain concerned about:

* The potential centralization and gatekeeping effects of cross-origin installation;
* The potential for diminished user agency and control over installation;
* The privacy implications of cross-origin installation signals.

While we appreciate the improvements and refinements made, we continue to believe that cross-origin installation introduces significant risks without sufficient justification at this stage. We encourage focusing first on delivering a very simple same-origin install experience, and revisiting cross-origin capabilities based on real-world experience, user needs, and implementer interest.

--
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/design-reviews/issues/1051#issuecomment-2943539903
You are receiving this because you are subscribed to this thread.

Message ID: <w3ctag/design-reviews/issues/1051/2943539903@github.com>

Received on Thursday, 5 June 2025 10:00:04 UTC