The problem is we're framing the discussion in terms of installing web apps.
We're answering the wrong question.
The real question is whether we want to start seeing powerful applications
running in the browser.
If we do, then we'll figure out a way to get there. Be it installing,
permissions
Hi Dimitri,
On Feb 7, 2012, at 18:26 , Dimitri Glazkov wrote:
Robin, this is a pretty interesting and thoughtful treatise and while
I am still digesting parts of it, I can't help but think that the key
in identifying precise boundaries and relative position of these two
universes is defining
On Wednesday, February 8, 2012 at 10:33 PM, Adrienne Porter Felt wrote:
I agree that the current UI is not great. However, I disagree about
everyone clicking through permission grants. I've done two user studies
and found that about ~18% of people look at permissions for a given
On 2/9/12 1:21 PM, Marcos Caceres w...@marcosc.com wrote:
On Wednesday, February 8, 2012 at 10:33 PM, Adrienne Porter Felt wrote:
I agree that the current UI is not great. However, I disagree about
everyone clicking through permission grants. I've done two user
studies and found that about
On Thursday, February 9, 2012 at 3:17 PM, Tobie Langel wrote:
The correlation between the number of permissions requested by the app and
the percentage of users which will avoid using the app altogether is
strong, so much so that we're warning devs against asking for too many
permissions
As you are saying, we seem to be talking of different things, even if I
have a problem seeing how different.
You make a difference between apps using web technologies accessed by
HTTP or not, which I thought close to installed or not.
You postulate the absence of a safe and usable way of
On 8.2.2012 1:06, Jean-Claude Dufourd wrote:
On 7/2/12 05:31 , Robin Berjon wrote:
The first problem is that of the security model. A lot of smart
people have tried to come up with a lot of different solutions here,
often involving signatures, policies, intricate user interfaces, etc.
I
On 8 Feb 2012, at 10:31, Bronislav Klučka wrote:
On 8.2.2012 1:06, Jean-Claude Dufourd wrote:
On 7/2/12 05:31 , Robin Berjon wrote:
The first problem is that of the security model. A lot of smart people have
tried to come up with a lot of different solutions here, often involving
On 8.2.2012 14:25, Scott Wilson wrote:
Hi
just let me quote from this thread
-
Tim Berners-Lee:
There of course places where XHR is used and there is no
cross-sitescripting security needed
1) in a browser extension
2) in node.js
On Feb 1, 2012, at 21:20 , Paul Libbrecht wrote:
Le 1 févr. 2012 à 21:03, Boris Zbarsky a écrit :
Android goes somewhat in this direction with its app-security model...
With all due respect, the app-security model on Android is a joke. Everyone
just clicks through the permissions grant
On Feb 2, 2012, at 09:51 , Jean-Claude Dufourd wrote:
JCD: I do not see why the granting of privileges should be implicit when some
webapp is installed.
It all boils down to what installation means. For instance, if you take a
super lightweight approach to it similar to Firefox's app tabs, it
On Feb 1, 2012, at 21:20 , Paul Libbrecht wrote:
Le 1 févr. 2012 à 21:03, Boris Zbarsky a écrit :
Android goes somewhat in this direction with its app-security model...
With all due respect, the app-security model on Android is a joke.
Everyone just clicks through the permissions grant
On Feb 8, 2012, at 01:06 , Jean-Claude Dufourd wrote:
On 7/2/12 05:31 , Robin Berjon wrote:
The first problem is that of the security model. A lot of smart people have
tried to come up with a lot of different solutions here, often involving
signatures, policies, intricate user interfaces,
Hi Adrienne,
On Wednesday, 8 February 2012 at 21:56, Adrienne Porter Felt wrote:
On Feb 1, 2012, at 21:20 , Paul Libbrecht wrote:
Le 1 févr. 2012 à 21:03, Boris Zbarsky a écrit :
Android goes somewhat in this direction with its app-security model...
With all due
I agree that the current UI is not great. However, I disagree about
everyone clicking through permission grants. I've done two user studies
and found that about ~18% of people look at permissions for a given
installation, and about ~60% look occasionally. We found that most have no
idea
Hi Adrienne,
On Feb 8, 2012, at 22:56 , Adrienne Porter Felt wrote:
I agree that the current UI is not great. However, I disagree about
everyone clicking through permission grants. I've done two user studies
and found that about ~18% of people look at permissions for a given
Hi all,
On Feb 1, 2012, at 17:42 , Tim Berners-Lee wrote:
On 2012-01 -20, at 14:32, Ian Hickson wrote
Personally I think the idea of installing a Web app is anathema.
You may, but others have a need for it.
This is a hot topic, and I'm happy to see it openly broached here. That said, I
[-www-tag]
Hi Tim,
On Feb 1, 2012, at 22:04 , Tim Berners-Lee wrote:
I want to argue for XMLHTTPRequest
being designed to be able to be used not only in an untrusted web page,
but e.g. from an installed widget, or node.js for that matter,
which means returning a defined error response when
On Feb 2, 2012, at 11:16 , Scott Wilson wrote:
The issue of 'trusted web applications has also come up before in this
context also, see Robin's blog post:
http://berjon.com/blog/2011/02/harmful-trust.html
Please read that with a pinch of salt. It's my thinking from a year ago, and
quite a
On Tue, Feb 7, 2012 at 5:31 AM, Robin Berjon ro...@berjon.com wrote:
Hi all,
On Feb 1, 2012, at 17:42 , Tim Berners-Lee wrote:
On 2012-01 -20, at 14:32, Ian Hickson wrote
Personally I think the idea of installing a Web app is anathema.
You may, but others have a need for it.
This is a hot
On 7/2/12 05:31 , Robin Berjon wrote:
The first problem is that of the security model. A lot of smart people have
tried to come up with a lot of different solutions here, often involving
signatures, policies, intricate user interfaces, etc. I think that's all
massively over-engineered. Once
On 1/2/12 20:03 , Ian Hickson wrote:
As a user when I install an app, I want to be able to give it access to
a selection of:
Providing access to these things when the app is installed is IMHO a net
worse security model than granting access to these things implicitly when
the feature is
On 1 Feb 2012, at 21:04, Tim Berners-Lee wrote:
On 2012-02 -01, at 15:23, Marcos Caceres wrote:
Hi Tim,
On Wednesday, 1 February 2012 at 16:42, Tim Berners-Lee wrote:
Note that when people talk about installation, they often immediately
discuss
packaging and manifest formats,
On 2012-01 -20, at 14:32, Ian Hickson wrote
in http://lists.w3.org/Archives/Public/public-webapps/2012JanMar/0238.html :
On Fri, 20 Jan 2012, Tim Berners-Lee wrote:
[...]
There of course places where XHR is used and there is no
cross-sitescripting security needed
1) in a browser
On Wed, 1 Feb 2012, Tim Berners-Lee wrote:
These apps have got to be able to completely
act as agents trusted by the user, like for example
- a web browser
You want to write a Web browser in a Web browser?
- a calendar client
There are lots of calendar clients written on
On Wed, Feb 1, 2012 at 8:42 AM, Tim Berners-Lee ti...@w3.org wrote:
On 2012-01 -20, at 14:32, Ian Hickson wrote
in http://lists.w3.org/Archives/Public/public-webapps/2012JanMar/0238.html :
On Fri, 20 Jan 2012, Tim Berners-Lee wrote:
[...]
There of course places where XHR is used and there
On 2/1/12 11:03 AM, Ian Hickson wrote:
On Wed, 1 Feb 2012, Tim Berners-Lee wrote:
These apps have got to be able to completely
act as agents trusted by the user, like for example
- a web browser
You want to write a Web browser in a Web browser?
Ian, at present, you're the one
Le 1 févr. 2012 à 20:03, Ian Hickson a écrit :
- a calendar client
There are lots of calendar clients written on the Web today.
- an IMAP client
There are lots of mail clients written on the Web today.
These are not web-apps that can work offline longer than 2 minutes.
Android's
On 2/1/12 2:39 PM, Charles Pritchard wrote:
Mozilla said they were getting rid of their enable privilege API. I
don't know that they have.
It's being removed, slowly. For example, cross-site XHR (modulo
whatever CORS allows) is no longer possible even if you enablePrivilege
in current
On 2/1/12 11:57 AM, Boris Zbarsky wrote:
On 2/1/12 2:39 PM, Charles Pritchard wrote:
Mozilla said they were getting rid of their enable privilege API. I
don't know that they have.
It's being removed, slowly. For example, cross-site XHR (modulo
whatever CORS allows) is no longer possible
On 2/1/12 2:41 PM, Paul Libbrecht wrote:
Android goes somewhat in this direction with its app-security model...
With all due respect, the app-security model on Android is a joke.
Everyone just clicks through the permissions grant without even reading
what's being requested, because _every_
On 2/1/12 3:02 PM, Charles Pritchard wrote:
On 2/1/12 11:57 AM, Boris Zbarsky wrote:
On 2/1/12 2:39 PM, Charles Pritchard wrote:
Mozilla said they were getting rid of their enable privilege API. I
don't know that they have.
It's being removed, slowly. For example, cross-site XHR (modulo
Le 1 févr. 2012 à 21:03, Boris Zbarsky a écrit :
Android goes somewhat in this direction with its app-security model...
With all due respect, the app-security model on Android is a joke. Everyone
just clicks through the permissions grant without even reading what's being
requested,
Hi Tim,
On Wednesday, 1 February 2012 at 16:42, Tim Berners-Lee wrote:
Note that when people talk about installation, they often immediately discuss
packaging and manifest formats, which will need to be defined,
Um… we have a REC for that, remember?
http://www.w3.org/TR/widgets/
and for
On 2012-02 -01, at 15:23, Marcos Caceres wrote:
Hi Tim,
On Wednesday, 1 February 2012 at 16:42, Tim Berners-Lee wrote:
Note that when people talk about installation, they often immediately discuss
packaging and manifest formats, which will need to be defined,
Um… we have a REC for
I precisely*didn't* want to get into a detail about whether everyone should use
widgets or will use widgets -- I want to argue for XMLHTTPRequest
being designed to be able to be used not only in an untrusted web page,
but e.g. from an installed widget, or node.js for that matter,
which means
36 matches
Mail list logo
