- From: Jonas Sicking <jonas@sicking.cc>
- Date: Tue, 28 Jul 2009 00:02:57 -0700
On Mon, Jul 27, 2009 at 5:53 PM, Maciej Stachowiak<mjs at apple.com> wrote: > On Jul 27, 2009, at 6:42 PM, Robert O'Callahan wrote: >> On Tue, Jul 28, 2009 at 6:50 AM, Michael Davidson <mpd at google.com> wrote: >>> As mentioned in earlier discussions about persistent workers, >>> permissioning UI is a major issue. >> >> Indeed, the most difficult issue here is security and the permissions UI, >> which you haven't addressed at all. >> >> Currently, when you close a browser tab, the application in that tab is >> gone. This is a very important user expectation that we can't just break. > > I share this concern. Violating this expectation seems like it could be a > vector for malware, in a way that a permissions dialog would not > meaningfully address. Agreed. As so often, adding powerful features is the easy part, doing so securely is what's hard. Google Chrome (and I think other browsers) allow pages to be "installed" as web applications which run in a separate window. It would be interesting to look at the UI for that feature. However installApp allows something even more powerful than that, since it allows a hidden page that the user can't easily simply close, and so should probably have an even more restrictive UI. / Jonas
Received on Tuesday, 28 July 2009 00:02:57 UTC