What do you mean by 'Code Enumerated in the Manifest'?
Unless this has changed recently, I believe we are using appcache for
installable apps. Appcache requires a manifest that contains an explicit list
of assets to assure they can be cached locally and that the app will work
offline and be performant when network connectivity is poor / inconsistent.
http://www.whatwg.org/specs/web-apps/current-work/multipage/offline.html
Lucas.
When you stated "Code Enumerated in the Manifest" I had thought you
meant the signature of the application as described by the Web App
manifest, not the appcache manifest.
I'd suggest that for "Installable Web Applications" should be more
related to the Web App manifest, i.e. the domain or domains that make up
that web app, something like:
Scope: Security permissions are granted to the domain hosting the Web
App manifest
(or "Security permissions are granted to the domains/endpoints
enumerated in the manifest" if we move towards a multi-domain/multi-page
app scope as is being discussed in this thread:
https://groups.google.com/d/topic/mozilla.dev.webapps/90VfuxnmWYQ/discussion)
And then leave the trusted/core/os-level scope as "code enumerated in
the manifest", as these are the applications where we need to explicitly
enumerate the codebase, so that integrity of the code can be enforced.
But then the Web App manifest will need to be extended to outline how
this code is enumerated, as it doesn't currently AFAIK (maybe just by
referencing an appcache manifest)
- Paul
_______________________________________________
dev-b2g mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-b2g
_______________________________________________
dev-security mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security
