Re: google proposing to deprecate KEYGEN

> On 4 Aug 2015, at 11:04, Adrian Hope-Bailie <adrian@hopebailie.com> wrote:
> 
> http://qz.com/466089/the-fastest-growing-mobile-phone-markets-barely-use-apps/
> 
> Just saying...

What is not clear to me from these statistics is if these count web apps as apps.
These are standards developed by the W3C 
  http://www.w3.org/2008/webapps/

I suppose the tricky bit for apps is that as far as authentication goes there
are always two players: the (web)App and the user. As (web)Apps get more
complex they are usually written by a specific group of people that need to be
trusted (and that mostly do not deserve as much trust as they ask for, IMHO).
In each case the Apps are run inside a sandboxed environment:

 - in the case of Mobile Apps the environment is the OS:
  +  For OSX apps you have to trust the OSX review process and their sandboxing system
  +  I am not sure how much review the Android apps get, and I am not sure how much remains
    of the Java security framework that would allow rights to be given per application by a user
 - in the case of Web apps the environment is the browser

It should not be surprising that these two will converge, as it was always the
intent of Netscape to replace the OS with the web.

For WebApp development currently the identity seems to be given by the Origin,
which sadly confuses the web site publishing the code and the author of the code.
As a result the server owner needs a top level domain per code author if he is not to confuse all the
different authors of the different apps with each other, and therefore give rights to
the least trustworthy app that he only wanted to give to the most trustworthy ones.

But an end user cannot know about this policy as it will differ across web sites (and the
browser vendors are trying to even hide that information by removing URL bars!). So
as a result security on the web seems currently very problematic to me.
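As an added illustration of the origin point above (this is example code, not anything from the mail or the W3C WebApps work): the browser's security principal is the origin tuple (scheme, host, port), so two apps hosted under different paths of one host are not isolated from each other at all, while apps on distinct hostnames are. The hostnames and the layouts below are constructed placeholders.

```javascript
// Added example: models browser origin-based isolation for co-hosted apps.
// Uses the WHATWG URL class, which is global in browsers and in Node >= 10.

// The origin tuple the browser uses as its security principal,
// e.g. "https://example.test" (default port omitted, path ignored).
function originOf(urlString) {
  return new URL(urlString).origin;
}

// True when the browser treats the two documents as the same principal,
// i.e. they share localStorage, IndexedDB and scripted DOM access.
function sameOrigin(a, b) {
  return originOf(a) === originOf(b);
}

// Given a hosting layout (app name -> URL), return the pairs of apps that
// are NOT isolated from each other. This is the check a site operator would
// want to run before co-hosting code from different, unequally trusted authors.
function unisolatedPairs(layout) {
  const names = Object.keys(layout);
  const pairs = [];
  for (let i = 0; i < names.length; i++) {
    for (let j = i + 1; j < names.length; j++) {
      if (sameOrigin(layout[names[i]], layout[names[j]])) {
        pairs.push([names[i], names[j]]);
      }
    }
  }
  return pairs;
}

// Constructed layout 1: one host, one path per author. Both apps share an
// origin, so the less trustworthy app can read everything the other stores.
const pathPerAuthor = {
  trustedApp: "https://example.test/apps/trusted/index.html",
  untrustedApp: "https://example.test/apps/untrusted/index.html",
};

// Constructed layout 2: one hostname per author. Distinct origins, isolated.
const hostPerAuthor = {
  trustedApp: "https://trusted.example.test/index.html",
  untrustedApp: "https://untrusted.example.test/index.html",
};

console.log("path-per-author, unisolated:", unisolatedPairs(pathPerAuthor));
console.log("host-per-author, unisolated:", unisolatedPairs(hostPerAuthor));
```

One caveat worth knowing when applying this check: cookies do not follow the origin rule exactly. They ignore the port, and a cookie set with a `Domain=example.test` attribute is sent to every subdomain, so subdomain-per-author isolates storage and DOM access but not necessarily cookies; that is the case where a separate registrable domain per author, as the mail describes, actually matters.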

Projects such as http://cowl.ws/ seem to want to provide some answers, but I am not
sure if they are being adopted.



> 
> On 4 August 2015 at 09:18, Anders Rundgren <anders.rundgren.net@gmail.com> wrote:
> On 2015-08-04 08:01, Henry Story wrote:
> 
> On 30 Jul 2015, at 16:44, Anders Rundgren <anders.rundgren.net@gmail.com> wrote:
> 
> On 2015-07-30 16:32, Melvin Carvalho wrote:
> :(
> 
> https://groups.google.com/forum/#!msg/mozilla.dev.platform/pAUG2VQ6xfQ/FKX63BwOIwAJ
> 
> Since none of the big users of client-side PKI have ever bothered with this crap
> it won't be missed.   This signifies the (expected) end of WebID-TLS as well.
> 
> Not quite, as it depends on what happens in the TLS 3.0 group. But WebID-TLS can still
> work very well for server to server communication. It seems that in any case that is what
> is going to have to happen, as browser vendors seem to have lost their marbles somewhere
> along the way from Netscape to here.
> 
> The browser folks have lost the war against "Apps".  They don't realize (or acknowledge) the
> obvious either: By bridging the Web and App worlds you could COMBINE the power of BOTH worlds.
> 
> The Web advocates are rather betting on that Apps is a fad, completely ignoring the fact
> that Google, Apple, and Microsoft are putting giant resources into their App platforms.
> 
> Anders
> 
> Henry
> 
> 
> Anders

Received on Tuesday, 4 August 2015 09:50:29 UTC