12:31:44 RRSAgent has joined #sysapps 12:31:44 logging to http://www.w3.org/2012/10/31-sysapps-irc 12:31:44 mgylling has joined #sysapps 12:31:46 tokamoto has joined #sysapps 12:31:47 Present+ Diana_Cheng 12:31:49 Zakim has joined #sysapps 12:31:54 Present+ Jonathan_Jeon 12:31:57 Yoshihiro has joined #sysapps 12:31:58 jyp has joined #sysapps 12:32:03 Present+ Toshi Okamoto 12:32:07 Milan_Patel has joined #sysapps 12:32:20 meeting: APIs for Trusted Web Applications 12:32:33 Present+ Soonbo_Han 12:32:52 agenda: http://www.w3.org/wiki/TPAC2012/SessionIdeas#APIs_for_Trusted_Web_Applications 12:33:04 Hidetoshi has joined #sysapps 12:33:13 Topic: Round of introductions 12:33:39 spoussa has joined #sysapps 12:33:48 Present+ Bo_Chen 12:33:57 sato has joined #sysapps 12:34:12 morrita has joined #sysapps 12:34:33 slejeune has joined #sysapps 12:34:37 tantek has joined #sysapps 12:35:14 Jun_Liao has joined #sysapps 12:35:21 Bo_HU_ChinaUnicom has joined #sysapps 12:35:33 Present+ Kenji_Baheux 12:35:54 Present+ Sakari_Poussa 12:36:14 Daisuke has joined #sysapps 12:36:15 Bo_HU_ChinaUnicom has joined #sysapps 12:36:29 bjkim has joined #sysapps 12:36:44 jmarting has joined #sysapps 12:37:48 kboudaoud_ has joined #sysapps 12:37:49 Wonsuk explains the background to the launch of the SysApps WG - the emergence of the Web operating system , e.g. ChromeOS and FirefoxOS 12:38:55 claudio has joined #sysapps 12:39:02 Scribe: richt 12:39:34 dsr: We'll go through a few general points then open the floor for general discussion. 12:39:44 dsr: Web browsers need to take care to protect users 12:40:01 ...APIs designed in that environment need to protect the user and mitigate security risks 12:40:15 ...this has been done in W3C DAP WG 12:40:29 ...If a Contact app wants to access contacts, it offers a picker in the web browser 12:40:37 ...but not full access to a contacts database. 12:40:41 alexandremorgaut has joined #sysapps 12:40:57 SungOk_You_ has joined #sysapps 12:41:02 ...SysApps is about creating system-level applications. e.g. Making a Contacts Manager/Address Book 12:41:13 ...That needs a much richer API without nagging the user all the time. 12:41:14 Comus has joined #sysapps 12:41:22 ...That needs much more trust for the application. 12:41:35 ...There's a whole new breed of these platforms emerging. 12:41:46 hiro has joined #sysapps 12:41:50 ...Webinos working on a cross-device platform. 12:42:03 ...Tizon, Chrome OS, Firefox OS and also Phonegap. 12:42:37 Can someone provide a link to the presentation? 12:42:41 ...Using a web stack has many advantages e.g. much easier for developers 12:42:52 kotakagi has joined #sysapps 12:43:03 ...So what is need to trust apps. Is it provenance of the app or signing for example? 12:43:18 s/Tizon/Tizen/ 12:43:25 TV Ramen: Web apps we don't have to install. Click on a link and it works. 12:43:36 ...but when we get to the security model we have problems there. 12:43:44 MikeSmith has joined #sysapps 12:44:25 slides: http://www.w3.org/wiki/images/0/0c/Sysapps-tpac2012.pdf 12:44:44 s/TV Ramen/TV Raman/ 12:44:46 Thank you. 12:44:51 MikeSmith_ has joined #sysapps 12:45:08 dsr: It's increasingly common we have lots of devices. TVs, mobiles, computers 12:45:23 ...more emerging devices: cars, medical devices, monitors 12:45:26 HJ has joined #sysapps 12:45:58 ...how do we let authorization to my services in a simple way 12:46:09 ...in Webinos we came up with Personal Zones to solve this problem. 12:46:28 ...in SysApps we want to produce APIs that we can run consistently not just client side but also server side. 12:46:43 ...so services can run embedded or on the cloud. 12:46:52 ...this is the focus of the Webinos project 12:47:07 [shows the SysApps WG charter on the screen] 12:47:22 s/[shows/[dsr shows/ 12:47:47 dsr: Initial focus of the group will be on security models. 12:47:53 tpacbot has joined #sysapps 12:48:11 ...then we have a few 'getting our feet wet' APIs: alarm, contacts, messaging, telephony, raw sockets. 12:48:25 ...then we'll move to more complicated APIs. 12:48:28 dbaron has joined #sysapps 12:48:38 ...NFC has been split off to a separate working group. 12:48:42 dbaron has left #sysapps 12:48:55 tpacbot has joined #sysapps 12:49:33 dsr: We are in the sign-up period for the SysApps WG and we're looking for initial contributions and spec editors 12:49:48 ...we're very much in the initial stages. 12:49:55 ...we plan to use Github for spec development. 12:50:16 Wonsuk: We have received some input concerning phase 1 from current members. 12:50:36 ...Please get involved on the mailing list with any other comments. 12:51:16 dsr: we received some feedback from Oxford University (John Lyle) re: security model for this group. 12:51:43 rotsuya has joined #sysapps 12:51:44 [dsr refers to 'Security Model?' slide shared in this session on the screen] 12:53:29 dsr: Regarding the execution model I made a few notes in the slidedeck. 12:53:49 Hidetoshi has joined #sysapps 12:54:02 [dsr refers to 'Execution Model?' slide shared in this session and up on the screen] 12:54:08 jalvinen has joined #sysapps 12:55:16 dsr: At this point we should throw the floor open for discussions. 12:55:31 dsr: Please add a Topic to the IRC channel. 12:56:08 agendum+ example topic 12:56:22 zakim, take up agendum 1 12:56:22 agendum 1. "example topic" taken up [from dsr] 12:56:26 rrsagent, generate minutes 12:56:26 I have made the request to generate http://www.w3.org/2012/10/31-sysapps-minutes.html paulc 12:56:46 Wonsuk: Thanks dsr. 12:57:08 ...we want to freely talk about the items in the slide deck. If you have any questions then it would be good to discuss them now. 12:57:15 KTwo has joined #sysapps 12:57:15 Dewa has joined #sysapps 12:57:16 ...e.g. how many items will be handled in this working group? 12:57:23 ...there may be a wide scope. 12:58:01 Alex Morgaut: We are working on implementations. We have a lot of requirements that currently have no answers. 12:58:15 kotakagi has joined #sysapps 12:58:23 ...we are looking for answers to those things. A use case: we really need a lot of new APIs. 12:58:25 ..Very open to working here. 12:58:46 Wonsuk: Most important is agreeing on the execution model and security model 12:58:58 ...once we have these things we can specify the APIs. 12:59:13 ...the APIs have to align with the execution and security model. 12:59:57 ...we want to make sure that the APIs are designed to work in that context. 13:00:20 ...once we've validated a security/execution model we can build out the API items we produce here. 13:00:23 ...in phase 2. 13:00:36 ...and we continue to get further feedback on where we head when we get to phase 2. 13:00:52 spoussa has joined #sysapps 13:01:25 Alex Morgaut: Looking for things like USB/Bluetooth for example. Will these be available in browsers or in embedded devices for example? 13:01:35 ...we're looking for a standard way to do that. 13:02:08 Arnaud has joined #sysapps 13:02:20 Daisuke has joined #sysapps 13:02:51 toshi: can phase 2 start before phase 1 ends? 13:03:04 For WG charter milestones see http://www.w3.org/2012/09/sysapps-wg-charter.html#milestones 13:03:29 Wonsuk: phase 1 and phase 2 does not have a sharp cut-off. 13:03:45 toshi: yes, we don't need to rush but there may be a lot of interest in phase 2. 13:04:09 paulc: The link I provided show the milestones as documented in the charter. 13:04:24 manyoung has joined #sysapps 13:04:25 paulc: that doesn't necessarily mean you can't start the FPWD of a phase 2 doc early. 13:04:41 paulc: that seems to be a model the W3C is encouraging here. 13:05:05 KTwo has joined #sysapps 13:05:18 Alex Morgaut: There are some interesting questions here. Things like File System API. We don't want to the app to have access to the full filesystem. Just to a part of it. 13:05:22 MikeSmith has joined #sysapps 13:05:49 dsr: That seems to be a question about the sandboxing. 13:05:57 gape has joined #SysApps 13:06:27 nwidell: Does SysApps make any assumptions on whether we have e.g. Widgets or AppCache based applications? 13:06:33 ...are we making any assumptions here? 13:06:42 dsr: I don't think that has been decided. Up in the air. 13:06:54 ...other groups are working on packaging. This is still to be looked at in the context of this WG. 13:07:09 Wonsuk: We can give some info about the permission to access some features. 13:07:30 ...in this perspective there are issues related to the packaging format. 13:07:48 ...there is work in different working groups. We will need to align. 13:08:22 TV Raman: Two problem here: one is the lifecycle e.g. start/stop. The second problem is the interfaces. 13:08:36 ...We can divide this problem. Maybe even split the work with other WGs. 13:09:00 ...So e.g. today on Android. I can use Intents and other apps can handle these actions. 13:09:31 ...that might be something interesting here. Right now web apps can't call other web apps. 13:09:58 dsr: There is plenty we can learn from existing systems here. 13:10:03 ...we've got a lot of input. 13:10:48 nwidell: Another question: Why do we have the Contacts API? 13:11:01 ...in the DAP WG there was an assumption we had a native address book in the device. 13:11:41 Wonsuk: richt is the spec editor may have some thoughts on this. 13:12:04 ...in SysApps we need to define all of the features of Contacts e.g. write/remove/read/etc. 13:12:12 ...in DAP we could only do searching/finding. 13:12:21 ...due to the in-browser security issues. 13:12:31 K2 has joined #sysapps 13:12:59 sakari: Isn't this an implementation detail. The API does not dictate where the address book is IIUC. 13:13:21 Alex Morgaut: Could the a high-level API be more abstract? 13:13:32 s/Could the a h/Could the h/ 13:14:01 e.g. on a gaming console I have different profiles. Sometimes I'm talking to external contacts, family, friends. 13:14:27 ...Is there a way to choose a 'type' of contacts that I get access to as an application. 13:14:33 jmarting_ has joined #sysapps 13:14:36 sakari: I think that's going to be up to the API and its design. 13:15:25 richt: we've done this activity a number of times already, my question is what it is different this time? 13:15:25 ethan has left #sysapps 13:15:45 are the companies making the proposal willing to adopt the standards? 13:16:24 wonsuk asks richt about the previous efforts. 13:16:30 alexandremorgaut has joined #sysapps 13:16:58 richt: we definitely need to learn from previous work, e.g the experience with policies 13:17:11 dsr: our company might be interested to bind contact API to a LDAP directory on the server 13:17:32 dan applequist: I think we'll have more implementations. More implementations will mean more examples to point to 13:17:39 ...where things work and where things don't work. 13:17:47 ...maybe this is the opportunity to get it right. 13:18:04 ...and we can learn from directions we've previously tried. 13:18:38 marcin_hanclik: I agree with the point made by richt. Why not take one of the previous proposals and implement this instead of starting and doing the same again? 13:19:01 sakari: DAP may be considered one input. DAP is really primitive due to the browser security model. 13:19:08 ...We want to do much more than is possible in these APIs. 13:19:41 dcheng3: It's primitive because it has a well-defined scope. 13:20:27 Wonsuk: This has been a good discussion. 13:20:36 ...I want to close the discussion for now. 13:20:42 matt has joined #sysapps 13:20:52 ...We will have a 10 minute break and then re-convene for further discussion. 13:21:21 ...Question about working model for this group. 13:21:21 rrsagent, generate minutes 13:21:21 I have made the request to generate http://www.w3.org/2012/10/31-sysapps-minutes.html paulc 13:21:31 Wonsuk: We will probably have 2-3 f2f meetings per year. 13:21:43 ...and we will have regular conference calls. 13:21:49 Wonsuk: Ok. Break. 13:21:57 [Group takes a 10 minute break] 13:23:32 tokamoto has joined #sysapps 13:23:39 morrita has joined #sysapps 13:24:22 jalvinen has left #sysapps 13:26:01 a12u has joined #sysapps 13:28:33 rrsagent, generate minutes 13:28:33 I have made the request to generate http://www.w3.org/2012/10/31-sysapps-minutes.html paulc 13:30:01 Present +Koichi_Takagi 13:32:28 morrita has joined #sysapps 13:34:02 a1zu has joined #sysapps 13:34:52 massimo has joined #sysapps 13:34:56 Present+ Koichi_Takagi 13:35:35 Yoshihiro has joined #sysapps 13:35:46 Yanagiuchi has joined #sysapps 13:36:23 Arnaud has left #sysapps 13:36:35 Hidetoshi has joined #sysapps 13:36:42 sburr has joined #sysapps 13:36:49 scribe: dsr 13:36:50 nkic has joined #sysapps 13:36:54 gmandyam has joined #sysapps 13:37:03 spoussa has joined #sysapps 13:37:06 Topic: Security Models 13:37:24 ttanaka2 has joined #sysapps 13:37:34 Wonsuk: Jonas will be able to describe the security model used in FirefoxOS. 13:38:50 Jonas: FirefoxOS has a bunch of preinstalled apps. Installing an app takes you through an installation step. We don't believe that installing an app should by default give it wide priviledges. 13:39:13 It should be safe to install any app from an appstore you trust. 13:39:14 SungOk_You_ has joined #sysapps 13:39:55 When you install an app it can do anything web pages do, but not reading files. 13:40:11 To talk to other websites it has to use CORS or CSP. 13:40:29 kboudaou has joined #sysapps 13:40:42 You get local (sandboxed) storage and limited means to create notifications. 13:41:01 sato has left #sysapps 13:41:28 Comus has joined #sysapps 13:41:40 To build more powerful apps you need additional capabilities. Built-in apps have the most priviledges. Certified apps have somewhat less priviledges. 13:42:05 Claes has joined #sysapps 13:42:08 Some telephony and SMS APIs are restricted to built-in apps. 13:42:23 manyoung has joined #sysapps 13:42:35 Also settings e.g. communicating with the SIM card. 13:43:11 Certified apps can access the filestore, camera, and more. 13:43:34 Priviledged apps need to be installed from a certified app store. 13:43:46 Milan_Patel has joined #sysapps 13:43:49 mounir has joined #sysapps 13:43:50 Currently, this is limited to the Firefox store. 13:44:23 The app store needs to review the code of the app and make sure that it won't abuse its priviledges. 13:44:59 Apps are signed with the store signature. 13:46:07 At run time, in addition to checking for the app store signature, for the first time, we also ask the user. The user's choice can be remembered for future occasions. 13:46:26 q+ 13:47:01 Jonas notes that you wouldn't want to lose 10 years of photos, so the additional checks are worth it. 13:47:18 q? 13:47:40 If a prompt is too hard to explain to a user, we put the responsibility on the app store and don't ask the user. 13:48:21 It is very hard for users to make security decisions without a good context. 13:49:05 Asking the user in the context of the app running provides context (cites example of a game asking for access to your contacts after winning a level) 13:49:42 The app developer has to deal with the user deciding against a request. 13:50:23 Each app has completely separate store for cookies and app specific data. 13:51:09 This is also good for privacy as it makes it hard to track users across apps. 13:51:17 +q 13:51:29 vhardy has joined #sysapps 13:51:46 richt asks jonas if Mozilla will submit their packaging solution? 13:52:06 jonas: yes we plan to do so to webapps wg. 13:52:46 richt: does sysapps need to work on packaging before working on APIs? 13:53:08 rrsagent, draft minutes 13:53:08 I have made the request to generate http://www.w3.org/2012/10/31-sysapps-minutes.html JonathanJ1 13:53:09 jonas: packaging is tightly coupled to the execution and security models. 13:53:39 richt: to what extent can be build upon existing work? 13:54:07 jonas: that's for this group to decide, we may find different opinions across people on the details. 13:55:07 rrsagent, draft minutes 13:55:07 I have made the request to generate http://www.w3.org/2012/10/31-sysapps-minutes.html hbang 13:55:22 the short answer is that I would prefer not to use widgets, and to rather use something similar to the chrome packaging solution. 13:56:07 richt: the common element is defining privileges in the manifest. 13:57:04 We limit what information we surface to the user, especially at installation time. 13:57:21 s/priviledge/privilege/g 13:58:13 Suresh: it makes sense to focus on just what is needed. 13:58:51 Jonas: if we get to the point where everyone is happy with the API, that's the important part. 13:59:29 jcdufourd has joined #sysapps 13:59:58 rrsagent, draft minutes 13:59:58 I have made the request to generate http://www.w3.org/2012/10/31-sysapps-minutes.html richt 14:00:02 Some APIs, e.g. alarm, only make sense in a certain run-time environment. 14:00:43 Our alarm API allows us to wake up a particular app. 14:00:47 Present+ Tomoyuki_Shimizu 14:00:57 q 14:01:16 q? 14:01:17 Jonas: we have a central feature of system messages that can for example wake up apps. 14:01:26 q- 14:01:29 Bo_Chen has left #sysapps 14:01:59 Bo_Chen has joined #sysapps 14:02:00 Hidetoshi has joined #sysapps 14:02:01 Jonas: DOM events may not make sense. 14:02:46 wonsuk: if you want to ask a question, please queue yourself on irc. 14:02:53 q- 14:02:56 q- 14:03:06 ack gmanydyam 14:03:22 nwidell has joined #sysapps 14:03:29 gmandyam: are you going to define content handler managers? 14:04:15 jonas: we are basically using web activities. Any app can register to handle a given activities. 14:04:44 gmandyam: adding/removing apps as an example 14:05:42 jonas: we allow anyone to set up an app store. you don't need to be privileged to check if an app is installed. 14:06:17 q+ to ask about permission prompts in FF OS 14:06:20 Our home screen app is relatively unprivileged. It can install, execute and uninstall apps. 14:06:43 ack gman 14:07:05 tantek has joined #sysapps 14:07:24 q? 14:07:27 gmandyam: there are so many different approaches to app life cycle security that it doesn't make sense to force just one here. 14:08:33 q- 14:09:26 wonsuk: where we agree, we can standardize the approach. 14:10:07 gmandyam: it may depend on the underlying OS. 14:10:17 paulc has joined #sysapps 14:10:53 nkic has left #sysapps 14:11:07 richt: at some point you can assume that an app has a given set of privileges. This group should take that as an assumption. 14:11:16 nkic has joined #sysapps 14:11:36 coms has joined #sysapps 14:11:38 rrsagent, generate minutes 14:11:38 I have made the request to generate http://www.w3.org/2012/10/31-sysapps-minutes.html paulc 14:12:00 jonas: depending on the API we will prompt the user at run-time. 14:12:28 richt: you're saying the privileges can be changed dynamically for a given API? 14:13:18 jonas: yes. The user isn't prompted at installation time for a given privilege, but only the first time it is used at run-time. 14:13:41 paulc: jonas is that setting by app? 14:13:45 jonas: yes. 14:13:56 ? 14:14:02 q? 14:14:39 gmandyam: two apps may have different privileges, e.g. one has rw and other other ro, is that correct? 14:15:23 fwiw, we follow HTML practice. If you don't have permission to access the API, then we don't expose that API on the DOM and you check if it exists or not at runtime as per web best practices. 14:15:30 ..in Widgets + Extensions. 14:15:33 q? 14:15:36 jonas: essentially, however, to keep the UI simple, we limit how this is configured {yes, no, ask user} 14:16:01 ack nwidell 14:16:01 nwidell, you wanted to ask about permission prompts in FF OS 14:16:28 nwidell: have you considered the use of policy languages? 14:17:15 jonas: no. we examined how users would be asked for the various apps for our use cases, and found that we didn't need policies. 14:18:05 For most apps, there will be only one or two questions in practice. we want to avoid annoying the user with questions. 14:18:55 We ask the user mainly in privacy situations and not so much in security situations. I'm not really sure what policy languages are needed for, 14:19:27 nwidell: they are useful when many permissions need to be changed at the same time. 14:19:30 tantek has joined #sysapps 14:20:11 jonas: we would prefer to avoid operator set policies in general, but there could be corporate policies in enterprise scenarios 14:20:47 we've mostly focused on the developers' perspective. 14:21:14 we may get around to policies later where it doesn't really effect the model. 14:21:20 rrsagent, generate minutes 14:21:20 I have made the request to generate http://www.w3.org/2012/10/31-sysapps-minutes.html hbang 14:21:36 wonsuk: we've run out of time. thanks to jonas. 14:21:46 Wonsuk has left #sysapps 14:21:52 rrsagent, set logs public 14:21:59 rrsagent, make minutes 14:21:59 I have made the request to generate http://www.w3.org/2012/10/31-sysapps-minutes.html dsr 14:26:27 Hidetoshi has joined #sysapps 14:27:30 marcin_hanclik has left #sysapps 14:27:30 bjkim has left #sysapps 14:27:52 dsr has joined #sysapps 14:28:00 tokamoto has joined #sysapps 14:28:51 sburr has joined #sysapps 14:39:46 yamaday has joined #sysapps 14:43:08 tokamoto has joined #sysapps 14:44:56 massimo has joined #sysapps 14:47:32 Hidetoshi has joined #sysapps 14:47:48 sburr has joined #sysapps 14:48:43 tokamoto has joined #sysapps 14:48:55 morrita has joined #sysapps 14:49:11 tokamoto has joined #sysapps 14:53:51 spoussa has joined #sysapps 14:54:48 hiro_away has joined #sysapps 14:55:02 massimo has joined #sysapps 14:55:38 yamaday has joined #sysapps 14:56:06 Yanagiuchi has joined #sysapps 14:59:42 nwidell has joined #sysapps 15:06:35 richt has joined #sysapps 15:07:30 MikeSmith has joined #sysapps 15:09:02 Wonsuk has joined #sysapps 15:09:26 tokamoto has joined #sysapps 15:09:31 Wonsuk has left #sysapps 15:11:28 vhardy has joined #sysapps 15:11:29 tantek has joined #sysapps 15:13:48 kotakagi has joined #sysapps 15:17:39 kotakagi has joined #sysapps 15:42:52 nwidell has left #sysapps 15:49:44 kotakagi has joined #sysapps 15:59:02 spoussa has joined #sysapps 15:59:30 tokamoto has joined #sysapps 16:00:11 dsr has left #sysapps 16:02:56 Yanagiuchi has joined #sysapps 16:09:08 vhardy has joined #sysapps 16:09:50 tomoyuki has joined #sysapps 16:11:58 richt has joined #sysapps 16:17:52 MikeSmith has joined #sysapps 16:19:06 vhardy has joined #sysapps 16:19:17 vhardy_ has joined #sysapps 16:19:29 Dewa has joined #sysapps 16:24:44 Hidetoshi has joined #sysapps 16:24:46 Hidetoshi has left #sysapps 17:04:13 Hidetoshi has joined #sysapps 17:05:49 nwidell has joined #sysapps 17:06:15 vhardy has joined #sysapps 17:21:25 tpacbot has joined #sysapps 19:10:05 MikeSmith has joined #sysapps 19:21:01 MikeSmith has joined #sysapps 19:54:56 Hidetoshi has joined #sysapps 20:48:39 vhardy has joined #sysapps 22:15:16 tantek has joined #sysapps 22:32:13 sburr has joined #sysapps 22:33:22 richt has joined #sysapps 23:28:02 sburr_ has joined #sysapps