14:00:41 <RRSAgent> RRSAgent has joined #web-install
14:00:41 <RRSAgent> logging to https://www.w3.org/2020/10/27-web-install-irc
14:00:44 <Zakim> Zakim has joined #web-install
14:00:54 <tidoust> RRSAgent, make logs public
14:01:05 <tidoust> Meeting: Web Install API - TPAC 2020 breakout session
14:01:11 <tidoust> Agenda: https://www.w3.org/2020/10/TPAC/breakout-schedule.html#web-install
14:01:19 <tidoust> Chair: Peter Conn
14:01:39 <lgombos> lgombos has joined #web-install
14:01:45 <lgombos> Present+ Laszlo_Gombos
14:02:05 <jsbell> present+
14:03:27 <tidoust> scribe: tidoust
14:03:48 <tidoust> tidoust has joined #web-install
14:04:02 <tidoust> ... I would feel more comfortable if people hold on on questions until the end of the presentation
14:04:22 <tidoust> ... I'm Peter. Working at Google for 5 years now on the Chrome Android team.
14:04:36 <tidoust> ... Team responsible for Web APK.
14:04:55 <tidoust> ... We've got an idea, in very early stages. We'd like to get your feedback.
14:05:05 <tidoust> ... What are your concerns? Very exploratory overall.
14:05:10 <tidoust> ... What is this API about?
14:05:38 <tidoust> ... Simply put, an API that allows a website to request the installation of another website
14:05:47 <tidoust> ... You can request to install yourself too.
14:05:59 <tidoust> ... Two main use cases: web app directories.
14:06:17 <tidoust> ... Catalogues of web apps, reviews, ratings, so on. They do exist today but somewhat limited.
14:06:31 <tidoust> ... Second, a unified installation page for vendors.
14:06:38 <tidoust> ... Why do we want to make app directories better?
14:06:58 <tidoust> ... It will make apps more appealing to developers and more useful for users.
14:07:15 <tidoust> ... The Web does not really have a good place for people to go for that.
14:07:45 <tidoust> ... Mechanisms to install at the expense of discoverability for the time being.
14:07:51 <tidoust> ... Why unified install pages?
14:08:36 <tidoust> ... The reason we like this is that it encourages publishers to organize their apps in different domains, stronger isolation, more granular permissions.
14:09:14 <tidoust> ... Some concerns: We should protect the user from the catalogue, the user from the install website, and we may want to protect the target website from the catalogue.
14:10:29 <tidoust> ... We could imagine that, to protect the user from the catalogue, you have some kind of permission, a browser prompt, a user gesture or perhaps some trustability measure.
14:10:32 <tidoust> ... Not mutually exclusive
14:10:54 <tidoust> ... To protect the user from the target website, we want to apply normal installability criteria.
14:11:04 <tidoust> ... [mentions some difficulties]
14:11:40 <tidoust> ... To protect the target website from the catalogue, example of Proxx which was copied an sold within hours of being uploaded.
14:12:04 <tidoust> ... We cannot solve this magically, but we could give some control to an app over who can list/install it.
14:12:36 <tidoust> ... We have been doing some mocks for Android (I'm more familiar with that platform).
14:12:50 <tidoust> ... [showing some UX designs]
14:13:02 <danyao> danyao has joined #web-install
14:13:33 <tidoust> ... Seamless install. Or browser prompt, where the user interacts with a prompt to confirm the install.
14:13:46 <tidoust> ... Finally, we've got try before you buy, slightly different approach.
14:14:18 <tidoust> ... The goal is for the user to be able to quickly return to the catalogue if they close.
14:14:28 <tidoust> ... Finally, a list of open questions:
14:14:36 <tidoust> ... 1. Should the website know where the installer come from?
14:14:44 <tidoust> ... Linked to the monetization question.
14:15:02 <tidoust> ... Some way for websites to know what triggered the installation. Referrer or something more complex.
14:15:29 <tidoust> ... Informing the directory of the outcome. Some way to turn the "install" button into a "launch" button.
14:16:03 <tidoust> ... Checking for existing installs. The directory would want to customize its UI.
14:16:29 <tidoust> ... This would be a big privacy concern if any more than 3 apps are shown because it would liead to fingerprinting.
14:16:47 <tidoust> ... Presumably, we could let the directory see the apps that it has in store itself.
14:16:58 <tidoust> ... Now taking questions!
14:18:03 <tidoust> Kenneth: I'm a bit scared of store apps looking exactly like your bank
14:18:38 <tidoust> ... My bank might say: I don't want to be in any app store, but the app store may contain another app that mimics the bank app in different stores.
14:18:50 <tidoust> ... Things like mixing character sets in URL.
14:19:18 <tidoust> ... Somewhat like UI guarantees that you cannot mimic, as for fullscreens.
14:19:59 <PJ> PJ has joined #web-install
14:19:59 <tidoust> PEConn: Store has to do its due diligences.
14:20:22 <tidoust> ... I guess it is definitely a concern, because we would be creating a more valuable ecosystem for app stores.
14:20:48 <tidoust> ... At the moment, we have very few and very trustworthy stores. Not sure what to say about what will happen when the number of stores increases.
14:21:43 <tidoust> Kenneth: Safe list, probably a file on the side not to have to update the manifest JSON file.
14:22:07 <tidoust> PEConn: Perhaps. Blocklists may not work because stores may not respect them.
14:22:41 <tidoust> Aaron: One of the things I've been doing some research on is using related apps number of references to enumerate stores.
14:22:52 <tidoust> ... That might help protecting the user from the catalogue.
14:22:59 <tidoust> PEConn: How does that currently work?
14:23:11 <tidoust> ... Websites are cross-platform but stores aren't really for now.
14:23:25 <tidoust> Aaron: Will have something to share in the next week or two.
14:24:05 <tidoust> ... The browser ends up making the decision and listing different catalogues from which an application could be retrieved.
14:24:38 <tidoust> PEConn: Any thoughts about any of the open questions?
14:24:55 <tidoust> Aaron: From our experience in Microsoft world, referral is very important.
14:25:09 <tidoust> ... When apps were uninstalled could be very useful metric too.
14:25:47 <tidoust> ... Referral becomes very useful for cases where you have bounty programs, e.g. when the store gets paid for a certain number of installs.
14:26:29 <tidoust> PEConn: This checking for existing installs is the hardest for me. Anyone got thoughts about that?
14:27:06 <tidoust> Aaron: From a UX standpoint, the ability to know whether an app was installed would be useful.
14:27:26 <tidoust> ... Some people have multiple times the same PWA, sometimes using from different browsers.
14:27:52 <tidoust> ... I wonder whether there might be some way that we could explore. Some magic button that browsers could control and not pass the info to the app.
14:28:16 <tidoust> Kenneth: Difficult, given the need to style the button through CSS
14:28:30 <gary> gary has joined #web-install
14:28:42 <tidoust> Aaron: If the directory is the source of the installation, that's not a big deal providing that info. But there are other scenarios.
14:29:11 <tidoust> ... Perhaps we could intercept an installation request for something that is already installed and offer to launch it instead.
14:29:43 <tidoust> PEConn: That would work for the dialog approach in the options I listed.
14:31:20 <tidoust> Kenneth: I think that this is quite useful. Entreprises that want their own stores for instance.
14:31:27 <tidoust> ... But definitely a lot of concerns.
14:32:11 <tidoust> ... I wonder about additional permissions. Maybe entreprise access.
14:32:22 <tidoust> ... Some form of approval, handholding would be useful.
14:32:50 <tidoust> PEConn: There may be a way to end up with a sliding scale if we can trust stores more.
14:33:07 <tidoust> Kenneth: In the enterprise case, this will be administrated anyway.
14:33:34 <tidoust> Joshua: [scribe missed question]
14:34:06 <PEConn> If the app store loses the "I'm an app store permission", should the apps it installed be uninstalled?
14:34:14 <PEConn> (that was the question)
14:34:35 <tidoust> Kenneth: Red alert seems fine to me.
14:35:19 <tidoust> PEConn: You're saying that the unified installation page is a better motivator for this API?
14:35:41 <tidoust> Kenneth: I don't know. I know that this is a pretty compelling use case.
14:36:10 <tidoust> ... The app store thing, I don't expect a lot of those. That would be confusing for users anyway.
14:36:18 <tidoust> ... 10, 50, depending on regions.
14:36:30 <tidoust> ... Entreprises will have pre-approved apps.
14:36:54 <tidoust> ... For public ones, you probably want some relationship with e.g. Google to get permissions.
14:37:04 <tidoust> ... It is really a scary thing.
14:37:37 <tidoust> PEConn: Do you have other examples of using origin trials as a way to restrict permissions as opposed to giving an API a try?
14:37:46 <tidoust> Kenneth: No.
14:38:24 <tidoust> ... [going in some details]
14:39:35 <tidoust> Francois: @@Games
14:40:09 <tidoust> PEConn: We're more looking at more generic apps, although some people have mentioned this new Amazon games streaming thing.
14:40:14 <tidoust> ... Something to bear in mind.
14:41:18 <tidoust> Francois: Link to monetization?
14:41:28 <tidoust> PEConn: I'm also working on the Digital Goods API
14:42:04 <tidoust> ... It also a website that's hosted in a trusted web activity to talk to the payment library installed on the phone.
14:42:29 <tidoust> ... So the digital goods API allows the web site to take payments.
14:42:46 <tidoust> ... You could see other people implementing the API.
14:43:33 <tidoust> ... One of the things it does is, how it works depend on the context. If you're running in a web site, it returns null. If you're in a PWA, it returns an object.
14:43:51 <tidoust> ... Browser can figure out what your install source is.
14:44:04 <tidoust> ... and return the right info and features accordingly.
14:45:42 <tidoust> Francois: What are the next steps? Incubate in the WICG?
14:46:03 <tidoust> PEConn: Just an idea for now. We wanted to get some feedback first. Seems we get some positive feedback but also concerns.
14:46:18 <tidoust> ... We'll work on answering some of the questions and come up with something more concrete.
14:46:29 <tidoust> ... We may have a talk about that at the upcoming BlinkOn.
14:48:38 <tidoust> PEConn: Thanks a lot for attending the session! Look at the slides for my email if you want to reach out!
14:48:43 <GlennHartmann> GlennHartmann has joined #web-install
14:57:51 <tidoust> s/@@Games/The games CG discusses web games. Main issues raised are around discoverability, installation, and monetization. Wondering whether you have been looking into this use case or more generically into all sorts of apps./
14:57:56 <tidoust> RRSAgent, draft minutes v2
14:57:56 <RRSAgent> I have made the request to generate https://www.w3.org/2020/10/27-web-install-minutes.html tidoust
15:03:20 <tidoust> i/... I would feel more comfortable/PEConn: Let's get started./
15:03:38 <tidoust> i/PEConn: Let's get started./Topic: Presentation/
15:04:25 <tidoust> i/Kenneth: I'm a bit scared/Topic: Discussion/
15:04:28 <tidoust> RRSAgent, draft minutes v2
15:04:28 <RRSAgent> I have made the request to generate https://www.w3.org/2020/10/27-web-install-minutes.html tidoust
15:08:09 <PEConn> thank you very much!
15:42:02 <Ralph> zakim, end  meeting
15:42:02 <Zakim> As of this point the attendees have been Laszlo_Gombos, jsbell
15:42:03 <Zakim> RRSAgent, please draft minutes v2
15:42:03 <RRSAgent> I have made the request to generate https://www.w3.org/2020/10/27-web-install-minutes.html Zakim
15:42:08 <Zakim> I am happy to have been of service, Ralph; please remember to excuse RRSAgent.  Goodbye
15:42:12 <Ralph> rrsagent, bye
15:42:12 <RRSAgent> I see no action items