Skip to toolbar

Community & Business Groups

Missing bits from Widget side

On the widget side, technically, we need to finish the widget URI scheme spec. It currently lacks a proper dereferencing model, which means it does not work well as a protocol. What it needs is to work like blob:// so that it can be used with XMLHTTPRequests (i.e., fake HTTP responses). This will allow things like JQuery mobile to work better… or we need to look to switching to blob://.  Also, Widget Updates needs to be finished.

We also need to continue investigating how to get widgets to work better with OAuth. This is a general problem with native applications, and the OAuth 2 spec does not provide too much guidance:(

Politically/Business-wise, we need to get Moz, Google, or somehow get this supported in Webkit… otherwise, this is not going anywhere.

3 Responses to Missing bits from Widget side

  • Dominique Hazaël-Massieux

    I agree with your characterization of what’s missing from widgets.

    I think in general, it will be useful to take a step back and look at the overall landscape of “native Web apps” (including with projects such as PhoneGap), and also define what we expect this group to do (discuss? experiment? specs?).

    A more random comment: I remember discussing cases where widgets having http origins would be useful; an idea was by binding together Widgets Signature & DNSSec or HTTPS, one could associate reliably a widget with an HTTP origin.


    • Marcos Caceres

      We are still trying to work out what to do with the group. Despite having about 20 members, people have been a bit reluctant to commit to working on anything… maybe we just haven’t found the right thing to work on. I’ve made a few proposals (e.g., an API to allow widgets to be booted from a URI, and passing initialization parameters through a query string).

      I’ve not looked at DSNSec, but seems like signing a widget with an SSL certificate associated with a website might do the trick. I’m a bit worried, however, that mixing HTTP/HTTPs and content from a widget file might make a mess.


  • Marcos Caceres

    I think it would be a good idea to explore how Widgets Signature & DNSSec or HTTPS, could be used (it does begin to solve some of the origin problems… though I don’t like the idea of faking an origin).

    All native apps suffer from the origin problem, so we should look at how that is being addressed (particular use case is OAuth).


Leave a Reply

Your email address will not be published. Required fields are marked *

Before you comment here, note that this forum is moderated and your IP address is sent to Akismet, the plugin we use to mitigate spam comments.