Re: ACTION-401Ask WebApps to Review Taxonomy from ashok malhotra on 2010-03-17 (public-webapps@w3.org from January to March 2010)

From: ashok malhotra <ashok.malhotra@oracle.com>
Date: Wed, 17 Mar 2010 16:16:12 -0700
To: marcosc@opera.com
CC: public-webapps@w3.org, "www-tag@w3.org" <www-tag@w3.org>
Message-ID: <4BA162BC.4030409@oracle.com>

Thanks, Marcos!  We will discuss this at the TAG mtg next week.
All the best, Ashok


Marcos Caceres wrote:
> (The following is my personal opinion about widgets)
>
> On Thu, Mar 11, 2010 at 10:58 PM, ashok malhotra
> <ashok.malhotra@oracle.com> wrote:
>   
>> John Kemp has kindly created A Taxonomy of Web Applications for the TAG.
>> See
>> http://www.w3.org/2001/tag/2010/03/web-apps-taxonomy/web-apps-taxonomy.html
>> It would be good if some of the WebApps folks could review and comment.
>>
>> Also, I suspect that behind the many documents that the Web Apps WG is
>> producing lies
>> an architectural vision.  If someone could spend a few minutes articulating
>> this vision, I think it
>> would be very helpful.
>>
>>     
>
> I had a quick look, and just wanted to raise two points...
>
> # Trust often established between widget and widget platform (by means
> of crypto signatures)
>
> This is not quite right: The Dig Sig spec says "Widget authors and
> distributors can digitally sign widgets as a mechanism to ensure
> continuity of authorship and distributorship. Prior to instantiation,
> a user agent can use the digital signature to verify the integrity of
> the widget package and to confirm the signing key(s)." However, this
> should not be confused with "trust" in any way (e.g., an author I
> trust could turn evil, or the widget could be hijacked).
>
> # Trust often proxied by use of an "app-store" model
>
> Again, I kinda get what you mean here, but this is not the sole
> intention - and an appstore cannot really guarantee trust (as above).
> There are lots of trust models that will hopefully emerge around
> widgets (such as community mediated trust - where a community needs to
> approve something as safe before it can be used on devices). Depending
> on single points of trust is a bad thing, IMO. The central idea is
> that anyone can be an app store and that (hopefully) widgets engines
> will be able to get widgets from anywhere on the Web (i.e., totally
> decentralized distribution model).
>
>

Received on Wednesday, 17 March 2010 23:17:19 UTC