Installing web apps

On 2012-01 -20, at 14:32, Ian Hickson wrote
in :

> On Fri, 20 Jan 2012, Tim Berners-Lee wrote:
> [...]
>> There of course places where XHR is used and there is no 
>> cross-sitescripting security needed
>> 1)  in a browser extension
>> 2)  in node.js code trusted apps 
> These aren't the Web, so they're probably out of scope of the CORS and XHR 
> specs, but Anne can comment if he disagrees. :-)
>> 3)  in web apps when web apps can, in I hope the near future, be 
>> installed, and flagged as trusted code
> Personally I think the idea of "installing" a Web app is anathema. 

You may, but others have a need for it.

The open web platform is a strong contender
for apps which you write once run anywhere
and end up being a better alternative, or quietly
moving out, native apps on all kids of device.

These apps have got to be able to completely
act as agents trusted by the user, like for example

	- a web browser
	- a calendar client
	- an IMAP client

and so on, none of these can you currently write
as a web app, because of CORS. 

As a user when I install an app, I want to be able to give
it access to a selection of:

- Program storage, to a limit
- Whether it is permanently available or downloaded or cached for a while
- Access to RAM at runtime, to a limit
- Access to the net, maybe to a bandwidth limit
- CPU time when in background, to a limit
- Ability to access anything on the web
- Access to its own local storage up to a given limit
- Access to shared local storage up to a given limit
- Access to my location, as we currently allow an origin;
- Access video and still camera, and sound
- Access to other sensors such as temp, accelerometer, etc

I want to be able to se where all my resources (including CPU, RAM, 'disk')  on my laptop or tablet or phone
are being used up, just like I do with music and movies.

I want maybe a couple of default profiles for all the above.

(I'll want to sync its local and shared data storage between  all my devices too)

If I can't give power to apps, then the web app platform cannot compete with native apps.

I don't want the value of these setting to be the origin domain name of the script of the app,
as that is too high a granularity.

Note that when people talk about installation, they often immediately discuss
packaging and manifest formats, which will need to be defined, and for which
we might have more than one, but is not the crux of the issue -- the crux is
allowing it access to precious and/or sensitive resources.


Received on Wednesday, 1 February 2012 16:42:27 UTC