- From: Anders Rundgren <anders.rundgren.net@gmail.com>
- Date: Wed, 22 Apr 2015 17:43:34 +0200
- To: "public-web-security@w3.org" <public-web-security@w3.org>
- CC: public-webapps <public-webapps@w3.org>, "public-webappsec@w3.org" <public-webappsec@w3.org>
https://www.w3.org/community/blog/2015/04/19/proposed-group-the-extended-web-community-group/ Since the CG description is free from "political" stuff, I included it here :-) Most of the things exposed in the system-level (native) APIs of Android, iOS, Windows, etc. could indeed be provided in web-browsers. However, the cost and time that this would take as well as the ever-increasing speed of native OS and related hardware developments make this unrealistic except for a rather modest set of well-scoped APIs. It has also proven to be considerably harder dealing with untrusted web-code than originally thought. "The Extended Web CG" is about *COMBINING the power of the two worlds* which is a bit nicer than the current "Platform War" (which like regular wars doesn't really make anybody happy). To achieve that, The Extended Web CG is dedicated developing a *secure link* between the Open [untrusted] Web and the Native [trusted] layer, independently of how the latter is expressed. The current idea is building on an *enhanced version* of Chrome's Native Messaging: http://www.cnet.com/news/google-paves-over-hole-left-by-chrome-plug-in-ban/ http://blog.chromium.org/2013/10/connecting-chrome-apps-and-extensions.html The single most important feature of Native Messaging is that it offers *a way for third-parties to innovate* in areas ranging from Secure Web-payments to Streaming Media-services as well as one-of-a-kind vendor-specific solutions like Remote Diagnostics for PCs. FWIW, it seems that the core concept (talking securely with a web-page), could, and with relative ease (fingers crossed...), also include mobile devices connected to a web-page through an NFC/Bluetooth(BLE) "combo" link: https://cyberphone.github.io/openkeystore/resources/docs/webnfc--web2device-bridge.pdf A defensive publication has recently been submitted for this proposal. Anders Rundgren convener/"firestarter" https://cyberphone.github.io/openkeystore/resources/docs/web2native-bridge.pdf
Received on Wednesday, 22 April 2015 15:44:25 UTC