Meeting minutes
dom: I will be giving an intro presentation that will be recorded
dom: introduces presentation [recorded]
<Jemma> love workshop idea!
ivan: most EPUB readers rely on webviews
… so that's a big set of publishers
… testing is a challenge
John_Riviello: I've been working on a web application that also has a native app
… it has relied on webviews
… now planning to replace with native screens
… if you have a webview making an API call, and native screen doing the same, it's hard to share
… e.g. http request/response
… big complaint on web and native dev side
… trying to build an app with dependencies between web and native view gets very complicated
… not sure what W3C role can be
… but that was a big factor in decision to move off webview to native
dom: I hear both make webviews better for web, and make them better for native
andreban: often trying to bridge gaps
… Fugu has been trying to bring proper APIs to the web so you don't have to bridge
John: beyond web APIs, services
dom: today, webviews aren't part of our design space.
KaustubhaGovind: Google privacy/security
… one of our projects is Trust Tokens
… webviews came up a lot
… as you have content embedded in webviews, if they issue TT in those contexts
… could the app exfiltrate/hoard those tokens to use elsewhere
… security threat model different between webview and browsers
… would like a place to discuss that
xiaoqian: Chinese browsers on Monday mentioned performance as a pain point
dom: `thanks, please share details
Yuanyan: Work for Alibaba on webview work.
… issues include performance; need to customize apps for offline use
… integrate native functions
… standardization can be beneficial to future work
… also native technology support experience
… re bridge technology, that requires lots of repetitive work. still leaves gaps such as advertising, gaming
… standardization would be more developer-friendly
… look forward to more contributions in those aspects
dom: thanks. Should have mentioned gaming in my list of W3C related work
Brady: I'm a publisher who uses webviews for epub
… issue re security model
… web security model doesn't neecesarily work for local curated content
… we need a security model, different.
… e.g. we control a font,
… need appropriate security model
kleber_: Chrome, work with KaustubhaGovind. re Brady's comment
… I'm not sure that local control of font works; content running in a webview can't be confident of the app it's inside of
… user could be fooled by embedding
… lots of assumptions about environment and security might be broken in surprising ways in webviews
jyasskin: tension when trying to protect users from hostile webview embedders; we also want people to be able to write new browsers
<KaustubhaGovind> +1 to what Jeffrey said
dom: can anyone talk about web layers, a different primitive for browsing on Android?
… my impression is that today, webview isn't a great place to start to build a browser
<jyasskin> [Nobody was around who can talk about Web Layer]
andreban: value in discvussing use cases for which webview is being used
… rather than starting from webview
… webview lacks many APIs, runs everything in the same processs
… better to think of use cases: a browser, an in-app browser, loading your own content from HTTPS endpoint
Yuanyan: lots of business in Taobao app, 80-90% of pages developed as web, replacing native development
… our goal is to have web pages that can be integrated with native well
… we look forward to developments
… Electron similarly uses web technoloogy to replace native
… I believe that will become main way in the future
dom: likely webview usage will grow
… Next steps?
… possible W3C CG
… starting from use cases more than webview tech
… Possible workshop
… possibly both
… suggestions?
KaustubhaGovind: document to talk about threat model, vocabulary, would be useful
… maybe a suite of solutions discussing tensions
dom: I could envision that starting in CG, presenting in workshop
jyasskin: +1 to CG to write such a document
dom: with the input from those here expressing interest
JohnRiv: good to use CG for pointers to next discussions
dom: we'll start a CG, then. Let me know if you want to get involved, and watch for new CG creation
… dom@w3.org
dom: minutes and recording of presentation will be available
… thanks all for the input and feedback
[adjourned]