- From: Markus Lanthaler <markus.lanthaler@gmx.net>
- Date: Wed, 28 Aug 2013 21:01:47 +0200
- To: "'Brian Kardell'" <bkardell@gmail.com>, <www-tag@w3.org>
Hi Brian,

Are you aware of Unhosted [1]? I think that community is working on what you described, have a look at RemoteStorage [2], there's also an IETF I-D [3].

HTH,
Markus

[1] http://unhosted.org/
[2] http://unhosted.org/adventures/7/Adding-remote-storage-to-unhosted-web-apps.html
[3] https://tools.ietf.org/html/draft-dejong-remotestorage

--
Markus Lanthaler
@markuslanthaler

----------- Original Message -----------
From: Brian Kardell [mailto:bkardell@gmail.com]
Sent: Wednesday, August 28, 2013 3:53 AM
To: www-tag@w3.org
Subject: Security and capability services

Please forgive the title, I honestly didn't know what to write and that was the best I could come up with. Bear with me while I try to explain.

We have so many new things floating around: workers, sandboxed iframes, etc, etc - and we have so many new capabilities "down there" but one thing still seems kind of elusive and I think I'd like to bring it to TAG and see if anyone is interested in discussion. Essentially - none of these appears to be able to create a safe, real first class citizen that can effectively sandbox and communicate in a really nice way about capabilities.

Let me provide one simple example: Imagine that I wanted to start providing some common kind of data which might be usable by lots of different sites or apps. For example, a TODO list or a calendar. Today, I'd build a RESTful service and then expose JSON to everyone from a fictional "todos-list.io" - maybe with some additional headers for security. That's good, don't get me wrong, but I might have a view on this data as a widget in my gmail and another in some extension which gives me extra nice UI sugar etc. Each one of these apps has to solve a number of problems to share that data/become offline capable/etc - there is no clear way to signal them that updates have happened, and so on. What I am saying here is: Why can't I provide all of the complexity that goes with that and provide a shared service as a capability.

A clear enough example of the basics of how this might work is illustrated at https://github.com/tildeio/oasis.js and similar things are being discussed with native APIs with webapps and things but as far as I can tell - for the general Web I see no way to accomplish this...

Using stuff that is mostly there today I could (these are just examples using the closest existing thing to describe) provide a document @ 'todos-list.io/service.html' which would:

a) provide an appcache manifest to bootstrap this offline
b) use xhr in there to request for data - however I like - lazy load, on demand, etc...
c) provide cache for data in localStorage or IndexedDB
d) add to that whatever smarts I can: encryption, processing in workers, etc...

Even using basically existing capabilities I could add a bit to ignore or accept connections based on any number of criteria - in this case, let's just say I accept from *, but require a key for identification/encryption and expose and provide a service API.

From my end, it seems pretty safe. If you could then use the other end of that model to say "This can operate with x-y-z privileges" and request connection to it stating which capabilities you might be wanting access to it seems pretty safe from your end too.

The thing is today, you can't. There are so many levels of restrictions - every approach makes the service provider a second class citizen in terms of what would otherwise be access to things in their own domain and the sandbox stuff isn't quite enough either.

It seems that the net result would be a healthy and simple message passing mechanism over ports - potentially bi-directionally. So if I update a TODO in one app, I can let the others know that an update is available by notification and they can refresh their views and *no one* needs to worry about all of the dirty details of that stuff but me... I can imagine whole new competition in this area that don't/can't exist today.

I apologize for the length here and if any of it is hard to follow - I can try clarifying.... Do you think it might be something for TAG to consider?

--
Brian Kardell :: @briankardell :: hitchjs.com
Received on Wednesday, 28 August 2013 19:02:23 UTC
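
The service model described in the quoted message above (accept a connection by key and origin, grant only the capabilities the caller asked for, notify other connected apps when data changes) can be sketched as follows. This is an added example, not code from either e-mail, from oasis.js, or from remoteStorage. Assumptions: all names (`createTodoService`, the capability strings, the grant table) are hypothetical, and `port` is any object with `postMessage`, such as a `MessagePort` received in a browser.

```javascript
// Added example; every name here (createTodoService, the capability strings, the grant table) is hypothetical.
const KNOWN_CAPS = new Set(['todos:read', 'todos:write', 'todos:notify']);

// grants: Map of client key -> { origins: [...], caps: [...] } (constructed policy).
function createTodoService(grants) {
  const todos = [];
  const sessions = new Set();

  // request = { origin, key, wants }. In a browser, take origin from MessageEvent.origin
  // (set by the browser), never from a field the caller controls.
  function connect(request, port) {
    const grant = grants.get(request.key);
    if (!grant) return { ok: false, reason: 'unknown-key' };
    const originOk = grant.origins.includes('*') || grant.origins.includes(request.origin);
    if (!originOk) return { ok: false, reason: 'origin-not-allowed' };
    // Least privilege: grant only what was requested AND is known AND is permitted for this key.
    const wants = Array.isArray(request.wants) ? request.wants : [];
    const caps = new Set(wants.filter((c) => KNOWN_CAPS.has(c) && grant.caps.includes(c)));
    const session = { caps, port };
    sessions.add(session);
    return { ok: true, granted: [...caps], call: (msg) => handle(session, msg) };
  }

  function handle(session, msg) {
    // Validate message shape before acting on it; the caller is untrusted.
    if (!msg || typeof msg.op !== 'string') return { error: 'bad-message' };
    if (msg.op === 'list') {
      if (!session.caps.has('todos:read')) return { error: 'denied' };
      return { todos: todos.slice() };
    }
    if (msg.op === 'add') {
      if (!session.caps.has('todos:write')) return { error: 'denied' };
      if (typeof msg.text !== 'string' || msg.text.length > 500) return { error: 'bad-message' };
      todos.push(msg.text);
      // Tell every other session that asked for (and was granted) notifications.
      for (const s of sessions) {
        if (s !== session && s.caps.has('todos:notify')) {
          s.port.postMessage({ event: 'updated', count: todos.length });
        }
      }
      return { ok: true };
    }
    return { error: 'unknown-op' };
  }

  return { connect };
}
```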