[whatwg] Proposal for a web application descriptor

Simon Heckmann simon at simonheckmann.de
Fri Apr 29 15:40:39 PDT 2011


Am 29.04.2011 um 16:47 schrieb Dave Raggett:

> You may also want to look at the ideas being floated by Mozilla and others for installed web apps to request extra privileges. This is expected to lead to a new W3C Working Group within a few months from now, and I am hoping to see progress on being able to run the browser in a locked down mode that is more secure than is the default for web pages today (e.g. no eval, constrained innerHTML), and to then make a single request for a list of privileges:
> 
> http://dougt.org/wordpress/2011/03/device-api-permission-management/
> http://groups.google.com/group/mozilla-labs/browse_thread/thread/e592b27e54b7f857
> http://dev.w3.org/2009/dap/docs/feat-perms/feat-perms.html <http://dev.w3.org/2009/dap/docs/feat-perms/feat-perms.html#capability>

Thank you! I read through these articles and I like what they are proposing. I also think it is a good idea to tackle this with a joint proposal. While some of the suggestions made in the documents relate to querying the permission through javascript I still see room for my idea to ask for permissions on start-up. I am not yet sure if this all only  holds true for super-applications, as even normal websites would want to access my camera or address book and therefore need permission. Anyway, I am looking forward to giving input to a larger scope proposal.

> 
> Some challenges include:
> 
>  *  how to justify the request to the user being asked to grant the privileges
>     starting with a text string and a link to more information

Well, this is what I thought of: The users visit a website they have never visited before. A notifications pops up allowing them to set all permissions required for this page. The users might not trust the site yet so they do not grant all permissions immediately. As the users continue to use the page, the web site could check the status of the permission using javascript and remind the user to rethink his permission settings: "This site would like to access your camera to scan for a barcode. If you want to use this feature, please use the global permissions dialog to set them." 

> 
>  *  white and black lists for well behaved and evil applications - which leads
>     on to the role of trust delegation for improved usability  and whether
>     crowd based recommendations are practical

I agree! But in the end this is similar to desktop applications. It pretty much depends on the users which applications they run and which they do not trust. I think this is where web app stores might come into play. A central place where user can share their experience. 

> 
> We should think how to work together with Mozilla, Google and others on a joint proposal as this is likely to have greater chance of widespread adoption than doing something in isolation.

Great idea! Is there another mailing list where this should be posted on?

> 
> 
> On 29/04/11 13:00, Simon Heckmann wrote:
>> Hello again,
>> 
>> As requested I updated the proposal to contain screenshots from English browser versions now. You can always find the latest version on http://www.simonheckmann.de/download/Proposal.pdf. Additionally, I created an HTML version of the file which might come in handy for some readers: http://www.simonheckmann.de/proposal/.
>> 
>> Kind regards,
>> Simon Heckmann
>> 
>> 
>> Am 29.04.2011 um 11:03 schrieb Simon Heckmann:
>> 
>>> Fixed!
>>> 
>>> Am 29.04.2011 um 10:52 schrieb Benjamin Hawkes-Lewis:
>>> 
>>>> On Fri, Apr 29, 2011 at 9:39 AM, Simon Heckmann<simon at simonheckmann.de>  wrote:
>>>>> I have written a short document covering my proposal: www.simonheckmann.de/download/Proposal.pdf (3 pages, ~200KB)
>>>> I can't open this PDF in Preview.
>>>> 
>>>> --
>>>> Benjamin Hawkes-Lewis
>>> Sorry for the inconveniences! I tried it in Acrobat and it worked flawlessly. I uploaded it again and it now displays in Preview as well. I hope this fixes it for you, too!
>>> 
>>> Kind regards,
>>> Simon Heckmann
>> 
> 
> 
> -- 
> Dave Raggett<dsr at w3.org>  http://www.w3.org/People/Raggett



More information about the whatwg mailing list