Re: Use Cases and Requirements for Saving Files Securely from Jonas Sicking on 2009-11-03 (public-webapps@w3.org from October to December 2009)

From: Jonas Sicking <jonas@sicking.cc>
Date: Mon, 2 Nov 2009 23:01:38 -0800
To: Doug Schepers <schepers@w3.org>
Cc: "public-webapps@w3.org" <public-webapps@w3.org>, public-device-apis@w3.org
Message-ID: <63df84f0911022301r63d79a76pc448aeb09cccb1be@mail.gmail.com>

On Mon, Nov 2, 2009 at 12:48 PM, Doug Schepers <schepers@w3.org> wrote:
> Hi, Folks-
>
> During the TPAC joint meeting between the WebApps and DAP WGs, we discussed
> security policies and use cases and requirements around saving files in
> different scenarios: public web resources (web pages and apps), widgets,
> mobile device and desktop browsers, locally-installed applications, etc. [1]
>
> To kick this thread off, I'd like to suggest the trust model that already
> exists for local applications and browsers, which is to open a modal dialog
> that allows the user to select the file the application can save to; for
> webapps, I suggest the extra security consideration we add is to have the
> file hook which is returned is completely opaque (as far as the directory
> and file name) to the web app, and it just knows where to write.  Further,
> we should limit the upper bounds of the file size. I don't have any thoughts
> about auto-save across sessions, but it should be addressed (probably not
> allowed).
>
> This could be evoked through the UI convention of a file dialog, or just as
> a bare API (if the user preferences allow the API to ask about saving
> files).  In any case, it should never be a "cool" webapp-specific file API
> dialog, only ever the native dialog of the browser (be it a desktop or
> mobile).
>
> Please send in use cases, requirements, concerns, and concrete suggestions
> about the general topic (regardless of your opinion about my suggestion).
>
> [1] http://www.w3.org/2009/11/02-dap-irc#T20-40-39-1

It seems to me that there were (at least) two types of 'save' features
being discussed today.

1. The ability for something like google docs to bring up a "save as"
dialog to save the document in a user chosen location.
2. The ability for pages to write to a virtual filesystem using a
location and name picked by the page.

It sounds like you are primarily referring to the first of these, is
that a correct understanding?

I agree that this seems like a good place to start. You can actually
do this already, although it's far from elegant:

a = document.createElement('a');
document.body.appendChild(a);
a.href = "data:application/octet-stream;base64,...";
a.click();

I believe that will bring up the standard browser save-as dialog.
Obviously it would be nice to have something better than that. I think
what we need is something is:

* A way to create a Blob object based on data created by the page.
* An API that given a Blob shows a "safe file as" dialog to the user.

I think the former is something we'll need anyway, and once we have
that the latter is an easy addition.

/ Jonas

Received on Tuesday, 3 November 2009 07:02:39 UTC