[whatwg] Installable web apps

Atul Varma avarma at mozilla.com
Tue Jun 8 12:26:12 PDT 2010


  On 6/8/10 10:47 AM, Adam Barth wrote:
> On Tue, Jun 8, 2010 at 4:17 AM, Henri Sivonen<hsivonen at iki.fi>  wrote:
>> "Aaron Boodman (劉)"<aa at google.com>  wrote:
>>> If we add paths to the mix, we can do this. Applications on the same
>>> origin can circumvent it if they want, but why would they? SOP
>>> already
>>> guarantees that apps on the same origin are friendly and cooperate
>>> with each other. That doesn't mean it isn't useful for the UA to know
>>> which one is which.
>> I have to wonder why Google needs the browser team to solve this instead of having the Reader team relocate their stuff to reader.google.com (like maps.google.com is located already).
> Last time I asked about this, the answer I got was that there were
> performance and branding considerations around whether to host an app
> on www or on a dedicated subdomain.  For security, putting each app on
> a separate subdomain is a win.
>
> Adam
For what it's worth, I think that giving developers tools to easily 
define more granular security mechanisms without resorting to subdomains 
is a win in terms of usability, as it's quite difficult to figure out 
how to create subdomains and do virtual hosting--to say nothing of doing 
it over SSL.

That said, introducing a brand new mechanism for security on top of SOP 
does seem like it might make the security landscape more complex as a 
whole, and thereby potentially more vulnerable.

- Atul

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.whatwg.org/pipermail/whatwg-whatwg.org/attachments/20100608/e3390aac/attachment-0002.htm>


More information about the whatwg mailing list