- From: Ryan Sleevi <sleevi@google.com>
- Date: Thu, 30 May 2013 09:07:44 -0700
- To: Jeffrey Walton <noloader@gmail.com>
- Cc: Douglas Stebila <stebila@qut.edu.au>, "public-webcrypto-comments@w3.org" <public-webcrypto-comments@w3.org>, Harry Halpin <hhalpin@w3.org>
Jeff, these "app stores" or sideloading are exactly what the SysApps WG is looking at - which I suggested very early on :) The API requirements for such applications MAY be very different than what is needed by "content" scripts. On Wed, May 29, 2013 at 7:54 PM, Jeffrey Walton <noloader@gmail.com> wrote: > On Wed, May 29, 2013 at 10:37 PM, Ryan Sleevi <sleevi@google.com> wrote: >> >> .... >> Solving the "secure delivery of code" is a non-goal of this WG. Trust TLS >> (which your model, by design, does not) or use SysApps (as I earlier >> suggested) have been the two responses so far for this problem. > One does not have to solve the secure delivery problem to make the > enhancements useful. > > An application loaded from an organization's application store (or > side loaded via a developer) does not suffer secure delivery - they > provide the initial secure delivery. Its not hard to imagine a large > organization with 150,000 employees using an in-house time keeping > application that takes advantage of the pre-existing relationship by > pinning the time server's certificate or public key. (It can also > sidestep the problems caused by the current definitions of SOP since > many enterprise apps don't fetch text based ads from a third party). > > I believe App store application represent a non-trivial portion of > applications available to a user. But I've never seen statistics on > purely browser based apps versus app store apps. > > These app stores are going to get more popular because: (1) they are a > source of revenue for the owners of the platform, and (2) they are > providing vendor lock-in. So I expect to see even more apps on these > app stores in the future, not fewer. > > Jeff
Received on Thursday, 30 May 2013 16:08:14 UTC