- From: Anders Rundgren <anders.rundgren.net@gmail.com>
- Date: Tue, 24 Mar 2015 09:38:19 +0100
- To: Brad Hill <hillbrad@gmail.com>, chaals@yandex-team.ru, Jeffrey Yasskin <jyasskin@google.com>, Marijn Kruisselbrink <mek@chromium.org>
- CC: "public-webappsec@w3.org" <public-webappsec@w3.org>
On 2015-03-23 21:40, Brad Hill wrote: > Sounds like Web Intents. Yes, Charles' application seems to fit Web Intents. The Web2Native Bridge primary target is making App-like functionality available to Web applications in a [hopefully] scalable and secure way. Packaged single-purpose service-oriented subsystems can be created by anybody and should generally not require weird security prompts which you get with low-level multi-purpose APIs that were not designed to be used in the Open Web like ISO 7816. A service-oriented approach also makes Web applications less entangled in platform- specific details in the same way as HTTPS Client Certificate Authentication works identically for Web applications regardless if keys are stored in "soft" containers, smart cards, TPMs or TEEs. Anders > > On Mon, Mar 23, 2015 at 12:52 PM <chaals@yandex-team.ru <mailto:chaals@yandex-team.ru>> wrote: > > 23.03.2015, 20:32, "Anders Rundgren" <anders.rundgren.net@gmail.com <mailto:anders.rundgren.net@gmail.com>__>: > > On 2015-03-23 19:49, chaals@yandex-team.ru <mailto:chaals@yandex-team.ru> wrote: > >> OK, it seems I have so far failed to understand what you are really trying to achieve, > >> so let me try again… > > > > NP. > >> 23.03.2015, 19:43, "Anders Rundgren" <anders.rundgren.net@gmail.com <mailto:anders.rundgren.net@gmail.com>__>: > >>> On 2015-03-23 19:18, Jeffrey Yasskin wrote: > >>> > >>> Hi Jeffrey, > >>>> Am I right in thinking that your proposal isn't about how to declare a > >>>> web-delivered piece of code as "trusted", but rather about defining > >>>> how to communicate between (untrusted) web code and (trusted) native > >>>> code delivered with the hardware or browser? > >>> Close. In my take on this, trusted code is supplied in native level applications > >>> that have been specifically vetted for this usage. > >> Where there is a trusted application installed on a device, you want a web application > >> to be able to pass information to that app, and get it back? > > > > Yes, that is the core and is what hundreds of different applications already do, > > albeit using non-standard methods. > > Whee! I think I understand the rough problem, at least… > > > If we take a subject you are involved in, Web Payments, a local wallet would be an > > excellent target application. > > Sure. Some other possibilities to check I have roughly the right idea: > > One is a graphics application I happen to have bought might be what I want to use for editing my photos on Yandex disk, instead of the built-in online editor. > > One of the things that drives me nuts about online document editors is having them fall over when I am offline. I would rather be able to use an installed document editor, and pass edited documents, or changesets, back. Github > > > Hopefully the referred web2native bridge presentation is also worth a brief peek. > > I already looked at it and didn't see what I was missing… but I think I'm getting there now. > > cheers > > -- > Charles McCathie Nevile - web standards - CTO Office, Yandex > chaals@yandex-team.ru <mailto:chaals@yandex-team.ru> - - - Find more at http://yandex.com >
Received on Tuesday, 24 March 2015 08:39:17 UTC