On Thu, Feb 12, 2015 at 8:58 PM, Benjamin Francis <[email protected]> wrote:
> Thanks for this Marcos, it makes a lot of sense, and thanks for the offer > of help. > > On 11 February 2015 at 01:13, <[email protected]> wrote: > >> Thanks for putting these together. I would highly recommend that for any >> feature people want to add to the Web, people follow the DOM team's >> guidelines for adding new things to the Web Platform: >> >> https://wiki.mozilla.org/WebAPI/DesignGuidelines >> >> It's fine if we want to keep adding things to the FxOS Platform (as long >> as we understand that *that is not the Web Platform*), but if we want to >> add things to the Web Platform, then the above should help us get there. >> > > In support of Paul's proposals around "granting permissions to the web" I > would suggest we should consider re-visiting the "hosted", "privileged" and > "certified" levels of "Open Web Apps" on Firefox OS. > > One possibility is that we split apps into simply "web apps" which follow > web standards (and some proposed web standards) and "Firefox Apps" which > use non-standard Firefox OS-specifc privileged features which aren't on any > standards track. I think the name "Open Web Apps" may have made sense at > the start of the B2G project but has now outlived its usefulness to the > point that it could be considered misleading. No other vendor implements > the mozApps API, some of the apps are not "web" apps, and there are now web > standard alternatives to some of their features (which is a good thing). > When you say "(and some proposed web standards)" what are you referring to? The subset of privileged/certified APIs that we manage to expose to the web? Just making sure I follow you? > > I would suggest we should aim to migrate the vast majority of apps > (including Gaia apps) to being web apps, but there are likely to be some > Firefox Apps which are basically Firefox OS chrome (like the system app) or > Firefox OS addons (like the dialer) and require chrome level type > privileges. > I did some analysis of the permissions used in Gaia to see how feasible this is. See[1] for data. This confirms some of the high priority APIs that we might want to expose: - deviceStorage:* - contacts - SystemXHR (hard to imagine this being exposed to the web) - Camera: expose Camera API? Or add features to getUserMedia (latter seems more likely, but are their hardware risks/limitations) - Mobile Connection API is another popular one, but this is very dangerous. Maybe we could look at exposing more of the read-only attributes through the mobile-network permission but it has similar privacy implications to geolocation, only more difficult to explain to the user. Firefox Apps would still use HTML, CSS and JavaScript but would essentially > be a new type of chrome level code for things which don't fit the security > model of the web, would be packaged, and would have to be code reviewed and > cryptographically signed by Mozilla like other Firefox addons. Web apps on > the other hand must by definition always be hosted on the web and have a > more decentralised system of trust. > Right - basically you are just talking about a name change here? Certified --> Firefox App Privileged apps --> Firefox App Web app --> Web App > > We should aim to create new Web APIs to allow Firefox OS-specific Firefox > App addons to be replaced by cross-browser web apps wherever possible. > I.e. make privileged apps into web apps (using your new terminology?)? > This doesn't mean that we can't create voice calling and messaging web > apps for Firefox OS for example, just that as Marcos says any pieces which > directly call legacy telephony and SMS APIs are unlikely ever to be "the > web". > [1] https://docs.google.com/spreadsheets/d/1mSJPO5tNG_xSybeLN8SBvVruCOHB1ZJkZ6unlfI23_Q/edit?usp=sharing
_______________________________________________ dev-b2g mailing list [email protected] https://lists.mozilla.org/listinfo/dev-b2g
