New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Mini Apps #183
Comments
We should also figure out the security story for Mini Programs & Quick Apps. |
360 Mini Programs is the first implementation that supports desktop. |
The MiniApps Ecosystem Community Group was created following discussions at TPAC, to incubate work on MiniApps and serve as a base for analysis and proposals of specific work items. |
There are discussions about creating a working group for MiniApps. Here's the draft WG charter: https://w3c.github.io/miniapp/charters/wg-2020.html Issues can be filed in https://github.com/w3c/miniapp/issues |
Te mention of mapping makes me wonder whether the work of the Maps For HTML Community Group should be examined. The different requirements for mas in browsers and for maps in MiniApp could also be stressed in the charter (if there are any). |
Agreed. Filed an issue here: w3c/miniapp#74 |
Related standardization effort in IEEE SA: https://standards.ieee.org/project/2858.html |
Discussed in Strategy meeting 26 May 2020: https://www.w3.org/2020/05/26-strat-minutes.html#item01 Some follow-up in these issues: |
On the security side, I'm concerned that miniapp environments (superapps) will (and do) bypass many of the protections we've already build in browsers. Merely attesting to the origin of code packages is not enough - I'm interested in how they handle isolation and injection protection - and I'm leery of reinventing something that has already had so much effort put into it. In summary, there needs to be a stronger security story here, particularly to justify the bypassing of browser protections. Similarly, I'm concerned that duplicating APIs (e.g. device and sensor APIs) in these environments will bypass protections - particularly for fingerprinting - that we have worked hard to get into the our web APIs. Is there a way to start with the baseline of the web APIs, with the protections we've already specified for those? See also the open issue re: operational considerations: w3c/miniapp#76 |
I am no security expert, but here's my preliminary analysis on isolation and injection protection:
I think we should open a separate issue in https://github.com/w3c/miniapp/issues to discuss this issue.
This is tracked in w3c/miniapp#79
Thanks for opening this issue. I'll discuss it with the CG. |
no comment/suggestion pointed from i18n. |
APA asks @ruoxiran to help review this for accessibility considerations. |
Isn't this in the chartering phase per https://www.w3.org/mid/8323ed3a-7f77-d6dc-b779-4f2404addc6e@w3.org (in the "funnel") |
I agree. I've moved it to "Chartering". |
Accessibility comment is here: w3c/miniapp#139 (comment) |
Charter under AC review: https://lists.w3.org/Archives/Public/public-new-work/2020Nov/0007.html |
Results (limited visibility): https://www.w3.org/2002/09/wbs/33280/miniapps-charter-2020/results |
I see that Apple iMessage (a native application) allows Apps to be hosted inside it, and wonder if that would count as Mini Apps? https://developer.apple.com/design/human-interface-guidelines/ios/extensions/messaging/ |
@svgeesus iMessage can host other applications indeed, but it uses the Messages framework instead of Web technologies, so I think it depends on how we define MiniApps. The current definition in the MiniApps WG is in the white paper and the MiniApp Packaging spec. |
MiniApps are small, install-free, fast-loading programs which typically are run inside other, larger native applications. They use a mixture of native and Web capabilities. Currently, these are mostly used in China. Examples:
Draft WG charter: https://w3c.github.io/miniapp/charters/wg-2020.html
The text was updated successfully, but these errors were encountered: