Re: Charter Addition Proposal: "Trusted Code" for the Web

On 2015-03-23 21:40, Brad Hill wrote:
> Sounds like Web Intents.

Yes, Charles' application seems to fit Web Intents.

The Web2Native Bridge's primary target is making App-like functionality available
to Web applications in a [hopefully] scalable and secure way.

Packaged single-purpose service-oriented subsystems can be created by anybody and
should generally not require weird security prompts which you get with low-level
multi-purpose APIs that were not designed to be used in the Open Web like ISO 7816.

A service-oriented approach also makes Web applications less entangled in platform-
specific details in the same way as HTTPS Client Certificate Authentication works
identically for Web applications regardless of whether keys are stored in "soft" containers,
smart cards, TPMs or TEEs.


> On Mon, Mar 23, 2015 at 12:52 PM < <>> wrote:
>     23.03.2015, 20:32, "Anders Rundgren":
>      > On 2015-03-23 19:49, <> wrote:
>      >>  OK, it seems I have so far failed to understand what you are really trying to achieve,
>      >>  so let me try again…
>      >
>      > NP.
>      >>  23.03.2015, 19:43, "Anders Rundgren":
>      >>>  On 2015-03-23 19:18, Jeffrey Yasskin wrote:
>      >>>
>      >>>  Hi Jeffrey,
>      >>>>    Am I right in thinking that your proposal isn't about how to declare a
>      >>>>    web-delivered piece of code as "trusted", but rather about defining
>      >>>>    how to communicate between (untrusted) web code and (trusted) native
>      >>>>    code delivered with the hardware or browser?
>      >>>  Close.  In my take on this, trusted code is supplied in native level applications
>      >>>  that have been specifically vetted for this usage.
>      >>  Where there is a trusted application installed on a device, you want a web application
>      >>  to be able to pass information to that app, and get it back?
>      >
>      > Yes, that is the core and is what hundreds of different applications already do,
>      > albeit using non-standard methods.
>     Whee! I think I understand the rough problem, at least…
>      > If we take a subject you are involved in, Web Payments, a local wallet would be an
>      > excellent target application.
>     Sure. Some other possibilities to check I have roughly the right idea:
>     One is that a graphics application I happen to have bought might be what I want to use for editing my photos on Yandex disk, instead of the built-in online editor.
>     One of the things that drives me nuts about online document editors is having them fall over when I am offline. I would rather be able to use an installed document editor, and pass edited documents, or changesets, back. Github
>      > Hopefully the referred web2native bridge presentation is also worth a brief peek.
>     I already looked at it and didn't see what I was missing… but I think I'm getting there now.
>     cheers
>     --
>     Charles McCathie Nevile - web standards - CTO Office, Yandex

Received on Tuesday, 24 March 2015 08:39:17 UTC