W3C home > Mailing lists > Public > public-webapps@w3.org > April to June 2015

Re: [W3C TCP and UDP Socket API]: Status and home for this specification

From: Anders Rundgren <anders.rundgren.net@gmail.com>
Date: Wed, 01 Apr 2015 16:37:02 +0200
Message-ID: <551C028E.2030207@gmail.com>
To: Anne van Kesteren <annevk@annevk.nl>, "Nilsson, Claes1" <Claes1.Nilsson@sonymobile.com>
CC: "public-sysapps@w3.org" <public-sysapps@w3.org>, public-webapps <public-webapps@w3.org>, Device APIs Working Group <public-device-apis@w3.org>, Domenic Denicola <domenic@domenicdenicola.com>, "slightlyoff@chromium.org" <slightlyoff@chromium.org>, "yasskin@gmail.com" <yasskin@gmail.com>
On 2015-04-01 16:11, Anne van Kesteren wrote:
> On Wed, Apr 1, 2015 at 3:58 PM, Nilsson, Claes1
> <Claes1.Nilsson@sonymobile.com> wrote:
>> However, work is ongoing in the Web App Sec WG that may provide basis
>> for a security model for this API. Please read section 4,
>> http://www.w3.org/2012/sysapps/tcp-udp-sockets/#security-and-privacy-considerations
> I don't see anything there that makes TCP or UDP possible. It has
> # Explicit trust for the requesting webapp based on the security
> # system of the web runtime this API is implemented in.
> but no such thing exists (standardized).

Even if there was a technical standard for the web runtime, the distribution and vetting
of secure applications would probably not be standard which is why I continue literally
jumping up and down pointing in another direction which is based on COMBINING the Open Web
with local, more or less proprietary applications which would do the "dirty work"
(like they already do today).

Unfortunately it seems that the browser vendors want to lock down everything leaving
Web developers in a very disadvantaged position compared to their "App"-developing cousins.

Regarding permissions involving the user, there are huge limitations in the Open Web:

Received on Wednesday, 1 April 2015 14:37:38 UTC

This archive was generated by hypermail 2.3.1 : Friday, 27 October 2017 07:27:31 UTC