- From: ashok malhotra <ashok.malhotra@oracle.com>
- Date: Wed, 17 Mar 2010 16:16:12 -0700
- To: marcosc@opera.com
- CC: public-webapps@w3.org, "www-tag@w3.org" <www-tag@w3.org>
Thanks, Marcos! We will discuss this at the TAG mtg next week. All the best, Ashok Marcos Caceres wrote: > (The following is my personal opinion about widgets) > > On Thu, Mar 11, 2010 at 10:58 PM, ashok malhotra > <ashok.malhotra@oracle.com> wrote: > >> John Kemp has kindly created A Taxonomy of Web Applications for the TAG. >> See >> http://www.w3.org/2001/tag/2010/03/web-apps-taxonomy/web-apps-taxonomy.html >> It would be good if some of the WebApps folks could review and comment. >> >> Also, I suspect that behind the many documents that the Web Apps WG is >> producing lies >> an architectural vision. If someone could spend a few minutes articulating >> this vision, I think it >> would be very helpful. >> >> > > I had a quick look, and just wanted to raise two points... > > # Trust often established between widget and widget platform (by means > of crypto signatures) > > This is not quite right: The Dig Sig spec says "Widget authors and > distributors can digitally sign widgets as a mechanism to ensure > continuity of authorship and distributorship. Prior to instantiation, > a user agent can use the digital signature to verify the integrity of > the widget package and to confirm the signing key(s)." However, this > should not be confused with "trust" in any way (e.g., an author I > trust could turn evil, or the widget could be hijacked). > > # Trust often proxied by use of an "app-store" model > > Again, I kinda get what you mean here, but this is not the sole > intention - and an appstore cannot really guarantee trust (as above). > There are lots of trust models that will hopefully emerge around > widgets (such as community mediated trust - where a community needs to > approve something as safe before it can be used on devices). Depending > on single points of trust is a bad thing, IMO. The central idea is > that anyone can be an app store and that (hopefully) widgets engines > will be able to get widgets from anywhere on the Web (i.e., totally > decentralized distribution model). > >
Received on Wednesday, 17 March 2010 23:17:19 UTC