- From: Bronislav Klučka <Bronislav.Klucka@bauglir.com>
- Date: Wed, 08 Feb 2012 15:19:05 +0100
- To: Scott Wilson <scott.bradley.wilson@gmail.com>
- CC: public-webapps@w3.org
On 8.2.2012 14:25, Scott Wilson wrote: > >> Hi >> just let me quote from this thread >> ------------------------------------------------- >> Tim Berners-Lee: >> >> There of course places where XHR is used and there is no >> cross-sitescripting security needed >> >> 1) in a browser extension >> 2) in node.js code trusted apps >> >> Ian Hickson: >> >> These aren't the Web, so they're probably out of scope of the CORS and XHR >> specs, but Anne can comment if he disagrees. >> ------------------------------------------------- >> >> you are one step ahead, firt we need to define, what we want, whether we want web platform (remote access to some data and sometimes being able to manipulate those data with very limited set of APIs) or whether we want actual multi-platform application framework with browser as run-time environment, because there is still a lot of missing and there is apparently disagreement about what should be govern by w3c/whatwg. I'm all for the second option: full programming environment. But that is the first here (and with MS extensions to JS APIs in Metro applications...). And without any distinction between whether the app run locally or whether the UI and data are accessed remotely or any possible combination of UI and data access mechanism. >> >> And the question of granting rights seems to be fairly decided here, everything potentially dangerous has to be granted by user (e.g. FileSystem API, GeoLocation), and if UA can provide more granular way of managing data and rights (not "remove browsing data" and suddenly everything for every page is gone), we can stick with this principle: HTML, CSS, basic JS is fine... anything else must be granted. > Right, and so far we haven't had a generic model for how that is done, instead individual specs have had to define it (as in your examples). > > WebIntents potentially offers a generic model for apps requesting data while keeping the user in the loop, and one that would work both for websites/hosted apps/normal apps and widgets/installed apps/system apps. > > Hi, WebIntents rather not... Those are about registering services to perform some common tasks. That is fine for clearly defined data and actions (and shared communication among two full fully-fledged application)... but way to high level. It takes time to put low level functionality together to make things work, but you can do a lot... (and there are always libraries for most common tasks). But with high level APIs? no way to bend those. I ment something like constructor FileAccess(String path) onstartload(event) onendload(event with cause of end (success or some error) and Blob object ) onprogress(event) read() write() where path in constructor can be HTTP address, FTP address, local address (c:\path\myfile.txt) of course based on privileges on local side, on server side (based on used address) but as low level as possible and as generic as possible (exactly the same functionality locally, remotely). But we have strayed away a little bit :) B.
Received on Wednesday, 8 February 2012 14:22:05 UTC