Re: ACTION-401Ask WebApps to Review Taxonomy

Thanks, Marcos!  We will discuss this at the TAG mtg next week.
All the best, Ashok

Marcos Caceres wrote:
> (The following is my personal opinion about widgets)
> On Thu, Mar 11, 2010 at 10:58 PM, ashok malhotra
> <> wrote:
>> John Kemp has kindly created A Taxonomy of Web Applications for the TAG.
>> See
>> It would be good if some of the WebApps folks could review and comment.
>> Also, I suspect that behind the many documents that the Web Apps WG is
>> producing lies
>> an architectural vision.  If someone could spend a few minutes articulating
>> this vision, I think it
>> would be very helpful.
> I had a quick look, and just wanted to raise two points...
> # Trust often established between widget and widget platform (by means
> of crypto signatures)
> This is not quite right: The Dig Sig spec says "Widget authors and
> distributors can digitally sign widgets as a mechanism to ensure
> continuity of authorship and distributorship. Prior to instantiation,
> a user agent can use the digital signature to verify the integrity of
> the widget package and to confirm the signing key(s)." However, this
> should not be confused with "trust" in any way (e.g., an author I
> trust could turn evil, or the widget could be hijacked).
> # Trust often proxied by use of an "app-store" model
> Again, I kinda get what you mean here, but this is not the sole
> intention - and an appstore cannot really guarantee trust (as above).
> There are lots of trust models that will hopefully emerge around
> widgets (such as community mediated trust - where a community needs to
> approve something as safe before it can be used on devices). Depending
> on single points of trust is a bad thing, IMO. The central idea is
> that anyone can be an app store and that (hopefully) widgets engines
> will be able to get widgets from anywhere on the Web (i.e., totally
> decentralized distribution model).

Received on Wednesday, 17 March 2010 23:17:19 UTC