Re: ACTION-401Ask WebApps to Review Taxonomy

(The following is my personal opinion about widgets)

On Thu, Mar 11, 2010 at 10:58 PM, ashok malhotra
<> wrote:
> John Kemp has kindly created A Taxonomy of Web Applications for the TAG.
> See
> It would be good if some of the WebApps folks could review and comment.
> Also, I suspect that behind the many documents that the Web Apps WG is
> producing lies
> an architectural vision.  If someone could spend a few minutes articulating
> this vision, I think it
> would be very helpful.

I had a quick look, and just wanted to raise two points...

# Trust often established between widget and widget platform (by means
of crypto signatures)

This is not quite right: The Dig Sig spec says "Widget authors and
distributors can digitally sign widgets as a mechanism to ensure
continuity of authorship and distributorship. Prior to instantiation,
a user agent can use the digital signature to verify the integrity of
the widget package and to confirm the signing key(s)." However, this
should not be confused with "trust" in any way (e.g., an author I
trust could turn evil, or the widget could be hijacked).

# Trust often proxied by use of an "app-store" model

Again, I kinda get what you mean here, but this is not the sole
intention - and an appstore cannot really guarantee trust (as above).
There are lots of trust models that will hopefully emerge around
widgets (such as community mediated trust - where a community needs to
approve something as safe before it can be used on devices). Depending
on single points of trust is a bad thing, IMO. The central idea is
that anyone can be an app store and that (hopefully) widgets engines
will be able to get widgets from anywhere on the Web (i.e., totally
decentralized distribution model).

Marcos Caceres

Received on Wednesday, 17 March 2010 19:08:09 UTC