Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

UI to manage third-party apps #168

Open
rakeshpai opened this issue Jul 21, 2017 · 1 comment
Open

UI to manage third-party apps #168

rakeshpai opened this issue Jul 21, 2017 · 1 comment
Labels
type: enhancement Proposed improvement

Comments

@rakeshpai
Copy link

rakeshpai commented Jul 21, 2017
edited by ArduinoBot
Loading

Similar to how Chrome/Firefox pop up a dialog asking for permissions, could you consider adding a permissions system for third-party apps to use Arduino Create Agent?

The agent could pop up a dialog whenever a site makes a request to its http server, asking "domain.com is trying to access your serial ports, Allow / Deny". If the user allows, the origin gets added to the config.ini. If the user denies, the origin is stored in some sort of blacklist.

Additionally, it'd be really awesome to have a UI for viewing and revoking access of domains to the serial ports.

When #165 is resolved, to the best of my understanding, the signature keys won't be required anymore.

When implemented, it would effectively make this agent an extension to the web itself, making it the defacto app to use for electronics hobbyists whether they use Create or not. It will also serve as an example for standards bodies to help decide if this (or similar) is worth including in the standards process. (I'm aware of WebUSB and WebSerial, but neither do what this project aims to.)

If browsers were to implement this, to the best of my knowledge, they'd approach it by making permissions even more granular. The browser would implement a 'Port picker" UI, and only allow access to the user's selection, so as not to expose the list of connected peripherals to the web. I'm speculating here of course, but it's the most obvious implementation, considering security ramifications.

There are several apps that can use this. The most advanced example I know of is BetaFlight, which is currently implemented as a Chrome App, and are in trouble because Google has end-of-life'd Chrome Apps. I'm working on a similar app too. We all need to have this native layer, and it feels stupid to duplicate the work you've done. Instead, IMHO, it'd be much more awesome to focus on just this one project and make it awesome for everyone.
@matteosuppo
Copy link
Contributor

Hello, I'm working on a arduino-create-agent 2.0. Something like that could be very interesting indeed. I will consider it.

@zmoog zmoog added the type: enhancement Proposed improvement label Feb 2, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
type: enhancement Proposed improvement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@zmoog @rakeshpai @matteosuppo