- From: Robin Berjon <robin@berjon.com>
- Date: Thu, 9 Feb 2012 13:01:06 +0100
- To: Dimitri Glazkov <dglazkov@chromium.org>
- Cc: Tim Berners-Lee <timbl@w3.org>, Ian Hickson <ian@hixie.ch>, WebApps WG <public-webapps@w3.org>, Thomas Roessler <tlr@w3.org>, "Michael[tm] Smith" <mike@w3.org>, "www-tag@w3.org List" <www-tag@w3.org>
Hi Dimitri,

On Feb 7, 2012, at 18:26, Dimitri Glazkov wrote:

> Robin, this is a pretty interesting and thoughtful treatise and while I am still digesting parts of it, I can't help but think that the key in identifying precise boundaries and relative position of these two universes is defining one in terms of another. Namely, we may want to explore if Web App sandbox/container can be a System App (I also heard the term Platform App). And if it can be, it both definitively enumerates the set of limitations and APIs imposed by this container System App and dovetails nicely into that whole browser-in-a-browser discussion.

I'm still trying to wrap my head around what exactly your proposal would imply, sorry if what follows is fuzzier than a Little Pony on a bad hair day.

As written, your proposal makes a lot of sense to me. We have an omnipotent system on one side, and on the other a less powerful one that can run in the former. So defining the subset in terms of the whole seems logical.

But as soon as I try to do anything practical with the idea I start hitting aporetic walls. It doesn't mean that it's a bad idea of course, just that I don't know what to do with it. I'm hoping you can help :)

We could apply it in a brute force manner by listing all the features that the omnipotent system supports and flagging those that are excluded in-browser. But I doubt that that would be very useful; we wouldn't learn anything new from it. Note that the people who worked on policy-based security systems for Web technology (e.g. WAC, webinos) have often discussed the possibility of producing a policy that matches the default browser security model (I don't know if they eventually did); this would be the same.

If however I try to be subtler and more abstract about it, I circle right back to a dividing line of "more harmful than what is tolerable inside a sandbox" which I mentioned previously. Stuff that's in that group doesn't get to be in the browser context.
The good news is that I don't think we need a strong definition for the distinction that I'm suggesting. I think that we can get away with a rough idea of what goes where and how to build it (which I believe we more or less have, though it needs to be documented). And with experience, we can refine it. Still, I'd like to address your idea more satisfactorily :)

--
Robin Berjon - http://berjon.com/ - @robinberjon
Received on Thursday, 9 February 2012 12:01:30 UTC