

Mozilla Open Web App prototype - wbills
http://blog.mozilla.com/blog/2010/10/19/prototype-of-an-open-web-app-ecosystem/

======
ShabbyDoo
From the feature list: "Can request access to one or more advanced and/or
privacy-sensitive capabilities" and "Can receive notifications from the
cloud."

GMail, etc. has already proven that the browser provides a rich enough UI
experience to replace desktop apps, but the general lack of integration with
the services of an operating system still forces me to either (1) use desktop
apps for some things or (2) go through convoluted processes.

An example: I used to work on a large photo sharing site, and making it easy
for non-technical users to upload photos was important but difficult. A
desktop app has the advantage of being able to recognize connected hardware,
interrogate obscure file structures (DSIM blah, etc.), and show the user a
pretty grid of photos from the camera -- all triggered on the hardware
connection event. Recently, I told my dad to use Picasa as an uploading front-
end. His eyes glaze over when I have to tell him how to navigate a directory
structure, so a site which requires HTTP Upload is DOA for him. HTML5 will
provide multi-file select, but the degree of available automation is terrible
when compared to the desktop.

Here's what I'd like to see: A set of standard, OS-agnostic profiles for
services provided by an operating system and common peripherals which would
allow web-based apps to do things like slurp photos from a camera, print a
pixel-perfect document, or capture a scanned image. Operating system vendors
(or 3rd parties) could wrap OS-specific driver profiles with these
Javascript/Browser-accessible APIs, and users could grant certain domains the
rights to use them. Imagine a TWAIN driver wrapper for Windows which would
allow a webapp to initiate a scanning request and capture the image without
the user saving the file to disk and then uploading it.

The proposed notifications service is kind of like this except that it is
designed to receive notifications from a bunch of sites even if no webapp is
currently running.

I think the search service design should be inverted. There should be a
standard search service interface which sites could implement, but the local
operating system should implement this same interface and should be queried in
parallel. A user could search for photos on his photo sharing site, a Dropbox-
esque site, AND his local filesystem. But, the search service itself could be
SaaS. Why make the desktop heavier?

What about a dialer/voice profile for mobile devices (and desktop as well)?
What about a "screen management" profile which would allow a web-based
Powerpoint competitor to automatically show the presentation on the projector
but the slide notes on the laptop monitor? What other profiles would be
interesting which could reduce the need for applications to target specific
operating systems? What about a "headless" profile and a "system tray" profile
so that Pandora could be implemented using a combination of HTML5 audio, an
icon on the system tray, and the notification service for song titles?

~~~
ShabbyDoo
As I re-read my submission, I thought about ActiveX controls circa 1999. They
certainly could have been used to solve such problems (at least on Windows),
but the ability for any old site to install native code made them a security
disaster.

What's different here? The entity you trust to provide you with a secure
browser is the same entity providing a set of profiles, and you would opt into
which sites could access these profiles. And, there's no "run arbitrary code"
profile.

~~~
kijinbear
There's still a problem. Most users would just click "Yes" whenever a web site
asked for access. Chrome addons routinely request access to "all files on your
computer" and very few users complain about it. Fast-forward, and it's ActiveX
all over again.

Do people know better these days? I'm not sure.

~~~
ShabbyDoo
I wonder if the security concerns could be limited by opt-outable warnings on
first use. Let's say you gave a malicious site access to the camera profile.
Would it be sufficient for an implementer of the profile to show a dialog
saying, "Click here to upload all your photos to XYZ.com"? [Or, even better,
show thumbnails of the photos which would be uploaded] Is it more real for
users to allow specific access at a specific time than just a blanket "ok" at
install time?

Is there a way to have one's cake and eat it too?

~~~
DjDarkman
It's very hard to get these right and not having an annoying nag-ware
application.

------
toddmorey
As Mozailla defines it, an open web app works in all modern browsers across
the desktop and mobile. That idea thrills me as a user but gives me a sick
feeling as a developer. Unless your app is fairly simple, that's a lot of
platforms to target. What happens as the apps get more complex? I wonder how
many companies will start with one or two platforms and then add support for
more, once their code is tested and refined to enable "each browser to compete
on app presentation, organization and management user interfaces."

I can't help but dream about an alternate universe where browser vendors
standardized on one common, open source rendering engine and one javascript
engine.

------
bluesnowmonkey
I'm a big fan of the "defer commitment" principle. It seems speculative and
dangerous to try to create new standards in a field that is evolving so
rapidly. We've had a lot of form factor innovation like smartphones and
tablets. Other relevant areas like online payments are ripe for innovation as
well. How will these new standards respond to the need for matching
innovation? Who will maintain them? Will there be versioning? What about
backwards compatibility?

~~~
adambyrtek
It's not really a standard at this point, it's just an experiment run by
Mozilla to get traction and catch up with Chrome. In other words they're doing
exactly what you said they should, embracing evolution and innovation in web
applications on both desktop and mobile fronts.

------
rwhitman
So is this basically Mozilla's answer to Chrome's installable web apps?

~~~
ESchmidtSeesYou
Yes, but they're pushing this as an open browser standard for all web app
stores. It'll be interesting to see Google's response to this, as well as how
DRM potentially works in both implementations.

~~~
kijinbear
DRM isn't exactly compatible with open-source...

------
DjDarkman
I don't really know how is this better than launching a site and using a
Paypal gateway integrated into the site.

I don't really know how will this solve XSS and other security problems the
web has.

What problems are these app stores supposed to fix?

~~~
jasonlotito
> What problems are these app stores supposed to fix?

You've completely missed the point. The feature isn't an app store. It's
browser based applications you can download and install on your computer, and
run locally. The browser is merely the engine the runs the application.
They'll probably remove the chrome, and instead of acting like a browser and a
web page, it will merely be the application.

~~~
asnyder
It's probably because the point makes no sense. There's no reason to go back
to desktop apps, we were moving away from that and making lots of progress and
now all of a sudden many are eager to return back to local desktop, but this
time running inside a browser, doesn't make any sense at all.

We should be moving forward, rather than going backwards.

~~~
jasonlotito
> It's probably because the point makes no sense. There's no reason to go back
> to desktop apps

Yes, there is. Being able to install a web app locally means several things
immediately:

1\. Local and remote storage of data beyond what traditional web apps can
accomplish. 2\. Snappier applications, since everything is stored locally. 3\.
You'll still be capable of being connected remotely. 4\. Ability to use the
app even if you aren't connected, or cannot connect remotely.

Also, you assert that we were moving away from desktop apps, when the opposite
is true. Native apps are still insanely popular thanks to mobile devices. Even
on an iOS device, you can run web apps as if they are local applications. It's
incredibly useful here as well. Being able to install an application on your
phone outside the App Store.

~~~
boucher
To be fair, very little of what's proposed in this project changes any of
those points. You can already store data locally using localStorage APIs. You
can already cache application content/scripts/resources locally using HTML
Manifest files, which also let you use the application when you aren't
connected to the net. And of course, you can always access remote resources
when you are (even across domains using the new Cross Domain XHR technology).

The crux of what they are proposing is a standard way to actually say "I want
this web site to be considered an 'app' that can be installed using whatever
your platform wants to consider installing". In other words, a slightly more
enhanced, standard version of adding an app to your homescreen on the iPhone.

~~~
jasonlotito
Local storage is currently limited. On the desktop there will be means for
unlimited storage. Manifest files can present more than merely what file to
download (such as operating in the background). By setting the apps to a
different domain, it gives them room to allow for a different permission set.

~~~
DjDarkman
If it would become unlimited than nothing would stop my web app from filling
your hard drive up with crap. So removing this limit maybe not such a good
idea. Besides if Mozilla wanted to provide unlimited storage they could just
remove the limit from the HTML5 storage, but they won't for the reason I
already wrote.

~~~
jasonlotito
It's the same as any other application you install. What stops any application
from filling up your hard drive with crap?

------
gurraman
I love Mozilla for their efforts. I hate to be pessimistic, but I'm just not
sure this is what the world needs.

~~~
shadowfox
Dunno. Everybody seems to have a different opinion on what the world needs

------
roschdal
Mozilla's proposed Open Web App ecosystem is competing with Google's Chrome
Web Store. Both seem to provide basically the same functionality: a dashboard
of web applications for your web browser, and a store to discover new web
applications.

I think perhaps it would be better Google Chrome and Mozilla had a compatible
app dashboard for the browser, a standard interface to add applications to
these browser dashboards, and competing, but compatible, web stores for web
applications.

------
adambyrtek
Looks like the discussion here is focused on the desktop, but I'm more
interested in what does this mean for the mobile world. Since the original
iPhone announcements we were told that web applications are going to be
treated as first class citizens, but it didn't really happen on any of the
leading mobile platforms.

I really hope that the work Mozilla is doing will help move the state of web
applications on mobile forward in a way that is portable across all platforms.

------
jbillingsley
The idea of "one or more" stores distributing these apps seems likely to hurt
profit margins for developers. I was intrigued until they mentioned that
aspect.

~~~
torme
Competition improves products. If anything, I'd think that it'd be better for
developers.

~~~
jbillingsley
If I'm understanding this correctly the competition wouldn't be dev vs dev but
store vs store. If that is the case then your app becomes a commodity and each
store will try to compete on price, lowering the dev's profit margin in the
process.

~~~
boucher
That's like saying that having more than one grocery store hurts farmers. The
farmers choose what price they sell their produce at, and the stores have to
choose their own price based on how much profit they need to make on each
sale.

In other words, nobody will be forcing these developers to be on a particular
store -- unlike Apple's App Store, where you have to play on their terms.

~~~
torme
Precisely. Stores aren't just competing to get users, they're competing to get
developers. If one store offers a higher profit margin for developers then
that store will have the best apps.

If someone could launch a competitor to the Apple App store, and say "I'm
going to take half the margin that apple takes from app developers", I think
developers would flock to that store, and then so would customers.

------
alexyoung
"Support paid apps by means of an authorization model that uses existing
identity systems like OpenID."

I like the idea of this. I wish it was easier to sell the web apps I build, in
a way that's as easy as plugging in OpenID. I've looked at a few services that
promise this but they either need US a merchant account or something else I
don't have/can't get.

------
railsjedi
Sweet, they included <http://scrabb.ly> as one of the icons in the demo :-)

------
eddanger
Interesting. I just need some type of car analogy for this to make complete
sense.

------
jlgosse
I don't know why I wouldn't just choose app engine, gwt, and chrome's web
store.

~~~
theBobMcCormick
Because not everyone uses Chrome? Because Mozilla is proposing their standard
as an open standard for any browser?

------
aymeric
This is big news for web developers.

