- From: Jonas Sicking <jonas@sicking.cc>
- Date: Tue, 15 Jun 2010 14:48:17 -0700
- To: "SULLIVAN, BRYAN L (ATTCINW)" <BS3131@att.com>
- Cc: arun@mozilla.com, Robin Berjon <robin@berjon.com>, public-device-apis@w3.org, Ian Fette <ifette@google.com>, Web Applications Working Group WG <public-webapps@w3.org>
On Tue, Jun 15, 2010 at 2:24 PM, SULLIVAN, BRYAN L (ATTCINW) <BS3131@att.com> wrote: > Arun, > > The basic concern I have is with the notion of "browsers" as the only > Web context and use-case that matters. The browser-based model for API > integration view (as I understand your position) is that the user must > be actively involved in every significant action, and choose explicitly > the actions that enable integration with browser-external resources > (including local and remote). Step back and you will see the > inconsistency in that (what would Ajax be if the user had to approved > every HTTP API request via an <input> element?). > > Webapps are much more than just dynamic Web pages. They are > applications, and with HTML5 will have the ability to rival desktop > applications, as is clearly the vision of many in the industry. It might > even enable a return to a thin client world (e.g. browser as OS) in > which most significant resources are cloud-based. I see the logic and > value in that, but it's not the only valid (and valuable) model. > > W3C focuses on the Web, and the Web is bigger than the browser use-case. > HTML5 and the APIs that attach HTML-based applications to the world can > actually be the application platform for the next era of the Web, but > only if we do not limit the options to the user-centric/control > paradigms of the past. Hi Sullivan, I certainly agree that browsers aren't the only web context or use-case. However I strongly feel that we should design APIs for browsers separately from APIs where the security model is different from that of browsers. For example in a browser it is unacceptable for the web page to read the users file system without the user first granting access to this. And even then there are likely restrictions as to prevent users from getting hacked just because they clicked "yes" on a dialog they didn't understand and just wanted to go away (aka the "whatever dialog" problem). On the flip side, it might make a lot of sense for a widget running on a mobile phone, which some authority has authorized, to have read access to large parts of the phones file system. And possibly even write access to parts of it. However these differences in security model will likely lead to differences in API. This is ok. Lessons from the past, with for example the DOM-Core spec, show that if we try to create an API that fit too many different audiences (in that case it was both server-side environments, as well as web pages). I would really like to avoid repeating similar mistakes. So my suggestion is that we let the FileWriter and File System APIs be ones that are designed for the browser security model. And let them be designed in the webapps WG which is already working on several very similar features (for example I would argue that IndexedDB should supersede File system). If you or anyone else wants to design similar file related specifications, but that has different security model or otherwise different requirements than what exists in the web browser context, then this in no way should impact you. If this should happen in DAP, BONDI, or even in WebApps is a separate question which I basically don't have much of an opinion on at all. / Jonas
Received on Tuesday, 15 June 2010 21:49:10 UTC