Re: Widgets - WARP, Widgets Updates and Digital Signatures

On 9/16/10 6:17 PM, Nathan wrote:
> Marcos Caceres wrote:
>> On Fri, Sep 3, 2010 at 7:52 PM, Nathan <nathan@webr3.org> wrote:
>>> Hi All,
>>>
>>> Simply wondering why WARP, Widgets Updates and Digital Signatures aren't
>>> used to deploy js applications which run in the main browser context?
>>
>> I guess because they all have counterparts on the Web stack:
>>
>> WARP is the widget equiv. of XHR 2 + CORS
>
> Do WARP and XHR2+CORS not address different issues, where WARP requests
> access from the user agent to retrieve a network resources, and CORS
> requests access from the network resources?

Yep, you are right. But for practical purposes (accessing data from 
multiple sources to mush into something useful), they are kinda the same.

>> Widget Updates is the widget equiv of HTML5 manifest or HTTP expiries.
>
> Cool, I follow what you're saying and will spend some time getting up to
> date on manifests :)
>
>> Dig Sig is the equiv. of HTTPS
>
> Need to think about that one more, surely one widgets-digsig allows a
> package to be distributed through multiple channels and is somewhat akin
> to typical code/application signing solutions on the desktop, whereas
> HTTP+TLS is just that, message delivery over TLS.

HTTPS is more then that. It also lets you know if the site your are 
looking at is verified by some CA (which gives you some level of trust).

>>> seems
>>> like a nice solution that would work webscale, and which would provide
>>> further user security, identification of trusted apps and cover the
>>> other
>>> half of CORS which is informing and protecting the user.
>>>
>>> Perhaps one of the vendors has already implemented in the main context?
>>
>> Hope that helps.
>
> Indeed it does somewhat, I'd been putting off wrapping my head round
> manifests so will get up to date,
>
> Cheers,
>
> Nathan
>

-- 
Marcos Caceres
Opera Software

Received on Thursday, 16 September 2010 16:26:33 UTC