Re: Installing web apps

On 2/1/12 2:03 PM, Ian Hickson wrote:
> On Wed, 1 Feb 2012, Tim Berners-Lee wrote:
>> These apps have got to be able to completely
>> act as agents trusted by the user, like for example
>>
>> 	- a web browser
> You want to write a Web browser in a Web browser?

No, he means a generic user agent capable of CRUD operations via RESTful 
patterns, in a nutshell.

>
>
>> 	- a calendar client
> There are lots of calendar clients written on the Web today.

Yes, and most are data silos. An ideal situation would have a Calendar 
represented as an Data Object collection. Each item in the collection is 
an event, task etc..

I would be able to work with said Calendar via:

1. its native interface
2. supported protocols e.g. CalDAV
3. RESTfully via HTTP via CRUD operations
4. Cut and Paste -- basically, I open up a Calendar resource, edit by 
hand and save.

The goal is for all (instead of some) of the above to be possible .
>
>
>> 	- an IMAP client
> There are lots of mail clients written on the Web today.
>

Ditto.

>> and so on, none of these can you currently write as a web app, because
>> of CORS.
> I don't think it has anything to do with CORS. An IMAP client, that is, a
> mail client that communicates to a remote server using the IMAP protocol
> rather than HTTP or WebSockets, is only not possible today because there's
> no raw sockets API (which there can't safely be). The problem is trivial
> to work around by just wrapping IMAP in WebSockets. Nothing to do with
> CORS (or even the same-origin policy).

Again Ditto. Nothing to do with WebSockets.

>
>> As a user when I install an app, I want to be able to give it access to
>> a selection of:
> Providing access to these things when the app is installed is IMHO a net
> worse security model than granting access to these things implicitly when
> the feature is needed.

Not in a world where you have fine-grained ACLs and functional network 
centric identity as delivered by WebID [1], for instance.
>
>
> Of the things you list, the following are already possible without an
> up-front permission grant, in a manner more secure than an up-front grant:
>
>> - Program storage, to a limit
>> - Whether it is permanently available or downloaded or cached for a while
>> - Access to RAM at runtime, to a limit
>> - CPU time when in background, to a limit
>> - Access to the net, maybe to a bandwidth limit
>> - Access to its own local storage up to a given limit
>> - Access to shared local storage up to a given limit
>> - Access to my location, as we currently allow an origin;
>> - Access video and still camera, and sound
>> - Access to other sensors such as temp, accelerometer, etc
> (Temp isn't current exposed, but there's no reason it couldn't be the
> same way as other things.)

This is more about a Webby variant of what Apple already delivers via 
its iPhone configuration utility and its ability to produce profile 
bundles that work (predictably) across Mac OS X and iOS 5 devices [1]. 
Basically, this is about portable profiles, wafer thin application code 
(data orchestrators), and structured data bearing resources.
>
>
>> - Ability to access anything on the web
> What's the use case for this?

Digest my comments above. And BTW its already happening. Nothing in my 
response is speculation, it already works re. IMAP4, Calendars, 
AddressBook, Photo Galleries, and much much more.

>
>
>
>> I want to be able to se where all my resources (including CPU, RAM,
>> 'disk')  on my laptop or tablet or phone are being used up, just like I
>> do with music and movies.
> You can do that today without an up-front permission grant. (q.v. Chrome's
> task manager, for example.)
>
>
>> I want maybe a couple of default profiles for all the above.
> That's more complicated than having on profiles at all.

See comment re. portable profiles .

>
>
>> (I'll want to sync its local and shared data storage between all my
>> devices too)
> That's possible without the site knowing anything about it. Chrome already
> does it to some extent.

Yes, but we want this to happen is user agent agnostic ways. Not 
specifically for Chrome (one of many user agents).

>
>
>> If I can't give power to apps, then the web app platform cannot compete
>> with native apps.
> There's plenty of things we can do to make the Web platform more
> compelling and a better competitor to native apps, but adding "installing"
> isn't one of them. That would in fact take one of the Web's current
> significant advantages over native apps and kill it.
>
s/installing/commissioning via portable profiles.

I can visit place and watch TV on my portable device. Thus, no channel 
squabbling to wreck my visit i.e., I don't invade your space in 
unacceptable ways. You do your thing I do mine :-)

Links:

1. http://help.apple.com/iosdeployment-ipcu/#appc28ee0f4 -- iPhone 
Configuration Utility (produces a resource that's basically a 
combination of identity profile data and associated application 
configuration data)

2. http://webid.info -- WebID

3. http://www.w3.org/community/rww/ - RWW community group which is about 
leveraging WebID authentication for policy driven resource access and 
authorization .

-- 

Regards,

Kingsley Idehen	
Founder&  CEO
OpenLink Software
Company Web: http://www.openlinksw.com
Personal Weblog: http://www.openlinksw.com/blog/~kidehen
Twitter/Identi.ca handle: @kidehen
Google+ Profile: https://plus.google.com/112399767740508618350/about
LinkedIn Profile: http://www.linkedin.com/in/kidehen