W3C home > Mailing lists > Public > public-webappsec@w3.org > March 2015

Re: Charter Addition Proposal: "Trusted Code" for the Web

From: Anders Rundgren <anders.rundgren.net@gmail.com>
Date: Mon, 23 Mar 2015 20:31:57 +0100
Message-ID: <55106A2D.4030207@gmail.com>
To: chaals@yandex-team.ru, Jeffrey Yasskin <jyasskin@google.com>, Marijn Kruisselbrink <mek@chromium.org>
CC: "public-webappsec@w3.org" <public-webappsec@w3.org>
On 2015-03-23 19:49, chaals@yandex-team.ru wrote:
> OK, it seems I have so far failed to understand what you are really trying to achieve,
 > so let me try again…


> 23.03.2015, 19:43, "Anders Rundgren" <anders.rundgren.net@gmail.com>:
>> On 2015-03-23 19:18, Jeffrey Yasskin wrote:
>> Hi Jeffrey,
>>>   Am I right in thinking that your proposal isn't about how to declare a
>>>   web-delivered piece of code as "trusted", but rather about defining
>>>   how to communicate between (untrusted) web code and (trusted) native
>>>   code delivered with the hardware or browser?
>> Close.  In my take on this, trusted code is supplied in native level applications
>> that have been specifically vetted for this usage.
> Where there is a trusted application installed on a device, you want a web application
 > to be able to pass information to that app, and get it back?

Yes, that is the core and is what hundreds of different applications already do,
albeit using non-standard methods.

If we take a subject you are involved in, Web Payments, a local wallet would be an
excellent target application.

Hopefully the referred web2native bridge presentation is also worth a brief peek.


> cheers
> Chaals
> --
> Charles McCathie Nevile - web standards - CTO Office, Yandex
> chaals@yandex-team.ru - - - Find more at http://yandex.com
Received on Monday, 23 March 2015 19:32:54 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:47 UTC