Replies: 1 comment
-
|
Some unedited notes: beware Unlike other ecosystems, there are multiple packaging formats and distributors for apps on the XDG platform. We need to define globally unique app IDs for each of these for using signed metadata. Terms
Uses
Non-goals
FlatpakDistributor: collection IDs
e.g. SnapDistributor: snap authority, e.g.
Manifest examplebased on web application manifest incubation spec // /.well-known/xdg-app-association
{
// scope must be root to associate with the whole site
"scope": "/",
// ...
"related_applications": [
{
"platform": "snap",
"id": "canonical/0IdVwWv66I2pI7X8D65kZ40Y8oYh6WqY/KtwxgRlwCAVKFw92BUdt1WloH1Va3QPo",
"fingerprints": [
{
// same value as in snap metadata
"type": "sign-key-sha3-384",
"value": "BWDEoaqyr25nF5SNCvEv2v7QnM9QsfCc0PBMYD_i2NGSQ32EF2d4D0hqUel3m8ul",
}
],
"permissions": [
// IDK if we need a version here...
"credentials/v0",
"launch":
]
},
{
"platform": "flatpak",
"id": "org.flathub.Stable/com.discordapp.Discord",
"fingerprints": [
{
// SHA-256 hash over signing key (GPG v4 public key block)
"type": "sha256-gpg-v4",
"value": "c504fa5dc891df6cfcc10021dd9addf08459007f1787f40b9c6fd3c7e58416ea",
}
]
}
]
}NotesIncluding the Snap developer ID means that the site is bound to developer ownership; if the developer transfers ownership, the manifest must also be updated. (Are permissions bound to the developer ID? probably should be...), and permissions must be updated Developers/owners aren't a real concept in Flatpak (though it does exist in Flathub), so we can't do that there. Basing on the Web Application Manifest might not be super useful |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
This is more of a meta issue, not one we can really tackle on our own.
In #184, we talk about how if an origin attests to the running app, then we can skip permission prompts when that app requests credentials for that origin.
This would be very useful to automate that away from the user. Providing this would mean the user would have a higher signal-to-noise ratio for permission prompts, which is good for preventing prompt fatigue.
However, there are a few challenges we have to solve, that are somewhat interrelated:
Beta Was this translation helpful? Give feedback.
All reactions