Re: Installing web apps

On 1 Feb 2012, at 21:04, Tim Berners-Lee wrote:

> 
> On 2012-02 -01, at 15:23, Marcos Caceres wrote:
> 
>> Hi Tim,  
>> 
>> On Wednesday, 1 February 2012 at 16:42, Tim Berners-Lee wrote:
>> 
>>> Note that when people talk about installation, they often immediately discuss
>>> packaging and manifest formats, which will need to be defined,
>> 
>> Um… we have a REC for that, remember?  
> 
> Yes, but I'm specifically trying to avoid the discussion of whether you use
> widgets or manifests or node.js or what.
> 
> Sorry, we have come a long way from my original comment on public-webaps about 
> the same-origin-policy needing a way of letting a script know why the 
> access failed, which lead to Ian H saying that here was no need
> for installation and my saying that there was.  So I was arguing for the need
> for installation, and I am if course aware of widgets.
> 
> I precisely *didn't* want to get into a detail about whether everyone should use
> widgets or will use widgets -- I want to argue for XMLHTTPRequest 
> being designed to be able to be used not only in an untrusted web page,
> but e.g. from an installed widget, or node.js for that matter,
> which means returning a defined error response when the privilege is
> insufficient, instead of faking a network error.
> I've been trying to write code which will work in any of these.

In the Widgets space this is part of:

http://www.w3.org/TR/widgets-access/

Its up to user-agents how they expose these access request policies to the user, whether to ask on installation, or on first use etc.

The issue of 'trusted web applications" has also come up before in this context also, see Robin's blog post:

http://berjon.com/blog/2011/02/harmful-trust.html

> 
> 
> Tim

Received on Thursday, 2 February 2012 10:16:57 UTC