07:19:49 RRSAgent has joined #miniapp 07:19:54 logging to https://www.w3.org/2023/09/14-miniapp-irc 07:20:39 Meeting: MiniApps WG @ TPAC 2023 07:20:45 present+ xfq, martin 07:20:58 rrsagent, make log public 07:21:00 rrsagent, make minutes 07:21:01 I have made the request to generate https://www.w3.org/2023/09/14-miniapp-minutes.html xfq 07:28:30 QingAn has joined #miniapp 07:30:23 present+ 07:32:18 present+ Lu Huang 07:32:27 present+ Hang Ma 07:32:35 present+ Yves 07:32:41 present+ Dan Zhou 07:32:44 chair: martin 07:32:48 scribe: xfq 07:33:13 present+ Tomoaki Mizushima 07:33:43 present+ Daniel Appelquist 07:33:54 present+ Sangwhan Moon 07:34:28 Topic: Welcome and administrivia 07:34:50 martin: since the chairs are not able to attend today, I'll moderate today's meeting 07:34:55 bkardell_ has joined #miniapp 07:34:57 DKA has joined #miniapp 07:35:10 minyongli has joined #miniapp 07:35:17 present+ Minyong_Li 07:35:19 present+ Dan_Appelquist 07:35:20 ... we're following the Code of Ethics and Professional Conduct 07:35:28 rrsagent, make minutes 07:35:29 I have made the request to generate https://www.w3.org/2023/09/14-miniapp-minutes.html xfq 07:35:54 martin: I'll present the current status of the miniapp specs 07:35:55 tminamii has joined #miniapp 07:36:18 ... I'll try to be very briefly 07:36:24 present+ 07:36:29 ... and talk about the next steps and the issues 07:36:41 ... we'll also talk about implementations and testing 07:36:52 ... we'll also talk about recharter 07:38:00 ... @@1 07:38:00 LuHuang_ has joined #miniapp 07:38:12 ... we created a white paper 07:38:18 https://www.w3.org/TR/mini-app-white-paper/ 07:38:23 martin: in 2021 we launched the WG 07:38:36 ... working on Manifest, Lifecycle, and Packaging 07:39:47 ... we also have components and IoT 07:40:51 ... we requested wide review re i18n privacy security a11y etc. 07:40:51 ... there are still some open issues to resolve 07:40:51 Lei_Zhao has joined #miniapp 07:40:51 ... miniapp manifest is based on web app manifest 07:41:00 present+ Wanming Lin 07:41:08 present+ Lei Zhao 07:41:36 martin: some members have overlap with the web app manifest 07:41:42 ... I'll mention them later 07:41:55 ... the host of the miniapp could be a 'super app' or the operating system 07:42:12 ... since MiniApps can be distributed in a package 07:42:33 ... it includes information like app store etc. 07:42:54 ... we have an open issue about miniapp manifest on i18n 07:43:43 ... I'm following the same issue in the web app manifest 07:43:46 ... because they have the same issue 07:43:52 ... we'll align with them 07:44:09 ... another issue is how to guarantee the security in MiniApps 07:44:11 LuHuang has joined #miniapp 07:44:22 ... the TAG has some comments on this 07:45:11 ... one of the proposals was to include a content security policy directly in the manifest 07:45:34 ... I've seen this is something that is considered in Isolated Web Applications 07:45:57 ... this is a very early proposal and we need to discuss it 07:46:12 ... comments welcome 07:46:25 [martin shows the proposal] 07:47:06 DKA: wasn't there also a signing part of that? 07:47:13 martin: yes 07:47:20 ... it's related to packaging 07:47:27 ... will mention it later 07:47:47 ... also the ID of the app is an issue 07:48:18 ... tomayac mentioned some members like permissions to align with IWA 07:48:30 ... MiniApp Lifecycle 07:49:03 ... it has events and interfaces for MiniApps like launched etc. 07:49:26 ... QingAn is the main editor of this spec 07:50:19 QingAn: for the application lifecycle, previously we agreed that there should be an additional event which is the unloaded 07:50:26 ... the slides need to be updated 07:50:32 martin: yeah 07:50:45 ... MiniApp Addressing 07:51:04 Dan_Zhou: after the last TAG review of MiniApp Addressing 07:51:24 ... we have rewritten a large part of MiniApp Addressing 07:51:36 ... to use both http and custom scheme 07:51:43 ... use the deeplinking technology 07:51:52 ... the explainer still needs updating 07:52:02 ... and we plan to submit it for TAG review 07:53:26 martin: there are similar discussions in IWA 07:53:26 ... we should discuss with them 07:53:26 ... widgets 07:53:26 ... widgets is a special form of MiniApps 07:53:58 regrets: tomayac 07:54:11 martin: type of recources in miniapps 07:54:47 ... HTML, CSS, JS, and i18n files 07:54:58 s/i18n files/i18n resources/ 07:55:03 xiaoqian has joined #miniapp 07:55:17 martin: so far the spec is very vague in terms of i18n 07:55:35 ... we need to perhaps add more information on how i18n works for MiniApps 07:55:54 ... re components, we agree that we want to follow the web components work 07:56:02 ... we won't reinvent the wheel 07:56:48 [martin shows the packaging structure] 07:57:29 martin: manifest.json 07:57:30 ... app.js, app.css 07:57:30 ... pages/ 07:57:30 ... common/ 07:57:30 ... i18n/ 07:58:23 [Summary of Open Issues in MiniApp Packaging] 07:58:23 martin: 1. Preservation of the origin model 07:58:23 ... 2. Secure context 07:58:23 ... this is crucial 07:58:32 ... how to avoid tampering the content of a miniapp 07:58:51 ... we try to avoid any gatekeeper 07:58:58 ... 3. Efficiency of ZIP container 07:59:17 ... ZIP is not efficient but it's most commonly used in existing MiniApps 07:59:23 ... this is somethinig we should discuss 07:59:41 ... we have a proposed solution: https://github.com/w3c/miniapp/issues/195#issuecomment-1525435423 08:00:48 martin: the last proposal we have was proposed by Dan Zhou 08:01:00 ... do you want to introduce this, Dan Zhou? 08:01:42 Dan_Zhou: it's mostly written by Jia Wang 08:02:30 Q: does the manifest include permission information? 08:02:33 martin: yes 08:02:48 Q: 8 years ago, Firefox did something similar 08:03:29 ... at the time, Mozilla tried to add all those as web APIs 08:04:04 ... in some cases maybe it does not apply to MiniApps, but in other cases there might be something like location 08:04:15 ... maybe MiniApps can also use this 08:05:09 martin: it's like native apps, we still need to define what are the capabilities we use for accessing powerful features 08:05:18 present+ Yinfeng Wang 08:05:28 Yves has joined #miniapp 08:05:29 zhoudan has joined #miniapp 08:05:45 michielbdejong___ has joined #miniapp 08:05:49 martin: please correct me if I understand wrong about this proposal 08:05:54 present+ 08:06:12 igarashi_ has joined #miniapp 08:06:13 Hi, Michiel de Jong here, I asked the question about permissions in the manifest 08:06:29 present+ Tatsuya_Igarashi 08:07:34 martin: @@1 08:07:44 ... something similar with content security policy 08:08:11 DKA: I don't understand what you're saying about the miinapps will be delivered on the web 08:08:34 ... my understanding was the architecture is that an intermediary delivers the miniapp to the end user 08:09:10 ... nothing else is required in order to operate using the same origin policy 08:09:31 RRSAgent, make minutes 08:09:32 I have made the request to generate https://www.w3.org/2023/09/14-miniapp-minutes.html xiaoqian 08:10:18 ... so I'm little confused @@ 08:10:18 q+ 08:10:55 martin: so far we only defined the signature mechanism 08:12:23 ... but we haven't defined the specific requirements of using the signatures 08:12:23 DKA: from a developer workflow perspective, app store provider works with the application developer 08:12:30 ... Starbucks have their miniapp 08:12:44 ... the intermediary upstream provider might add an additional signature 08:13:03 ... the chain of trust is clear because the first party is the one that actually produced the app 08:13:45 q- 08:14:02 DKA: @@ 08:14:29 sangwhan: there's a description of what will be used to mitigate this but there's not much information about how 08:14:44 ... I think the group would probably need to elaborate on that 08:15:00 ... you could use self-signing certificates 08:15:17 ... and how does that fit into the origin model 08:15:24 ... that's actually not a fully solved problem yet 08:15:36 ... I think the IWA folks are working really hard to figure out 08:15:53 ... so you could potentially reuse some of that effort for it 08:16:05 ... I think you're looking at a very similar problem space 08:16:06 DKA has joined #miniapp 08:16:14 DKA has left #miniapp 08:16:39 [martin introduces the proposal in https://github.com/w3c/miniapp/issues/195#issuecomment-1445851956 ] 08:16:55 martin: this is not specified in the spec 08:17:20 ... but if you believe this could solve the problem we can elaborate this and recommend it 08:17:43 ... so far we haven't recommended anything to solve the problem, but we can do 08:18:02 ... we have 2 proposals 08:18:16 ... https://github.com/w3c/miniapp/issues/195#issuecomment-1445851956 and https://github.com/w3c/miniapp/issues/195#issuecomment-1525435423 08:18:56 DKA has joined #miniapp 08:19:07 ... this is kind of similar to the epub format 08:19:49 martin: could adding these signatures inside the package be enough to solve the problem? 08:20:08 ... and include more information about how to @@ 08:20:33 DKA: I think the initial TAG feedback that we gave was this looks like a step in the right direction 08:20:49 ... this is an attempt to satisfy the requirement 08:20:58 ... to align with the web security model 08:21:33 ... architecturally it would be lovely if everything was aligned 08:22:16 ... I think requirements in IWAs might be slightly different overlapping but not exactly the same 08:22:32 q+ 08:23:17 ... miniapp group has been working for a number of years, but if IWA is trying to solve similar problems 08:23:33 ... maybe there should be some discussions going on between IWA and here 08:23:49 ... I think we would like to see more details on how 08:24:02 ... and maybe an end to end demo or something like that 08:24:13 ... to use a signature based model like this 08:24:34 ... but as I said, initial TAG feedback is this looks like a step in the right direction 08:24:46 Yves: just wanted to say that in the case of IWA, it's a bit different 08:24:58 ... because @@ 08:25:11 ... maybe you could send it to the web app security group 08:25:51 martin: we haven't included all the details 08:25:51 s/@@/IWA is served through the origin, here you need to ensure that the origin is the right one as it can be sent via an intermediary/ 08:26:09 ... that's why we need to discuss this 08:26:22 sangwhan: we didn't say this is not enough 08:26:31 ... we're trying to digest the situation at the moment 08:27:35 ... I think one of the potential difficulities with this particular kind of approach is that there's no concrete mechanism for associating an origin with a signing certificate 08:27:35 ... probably like a way to use well knowns to @@ 08:27:51 ... as of today, that mechanism is missing 08:28:03 martin: I totally agree that we need to solve this problem 08:28:33 sangwhan: the reason why we emphasize this is because these kind of security mechanisms are very difficult 08:28:44 ... it can be a significant amount of effort 08:29:20 ... to be honest, we mentioned stuff about the zip file format because if you want to do patches like partial downloads it's not so great 08:29:48 martin: we will continue the discussion 08:30:01 ... we will send some direct proposals to you with some solutions 08:30:28 sangwhan: since your folks are all here, you could try to get some time to try to reach out to the IWA folks 08:30:37 ... I think most of them are here 08:30:47 rrsagent, make minutes 08:30:49 I have made the request to generate https://www.w3.org/2023/09/14-miniapp-minutes.html xfq 08:31:26 martin: since we don't have all the people on the call 08:31:34 ... we can continue this offline 08:31:45 ... and send a more complete proposal to TAG as a follow up 08:32:06 Topic: Implementation and testing of MiniApp specs 08:32:20 martin: we almost haven't started implementation 08:32:26 ... we only have a couple of tests 08:32:30 q- 08:32:41 ... so far we already have a process 08:32:48 ... I created some tests 08:32:59 DKA_ has joined #miniapp 08:33:01 s/@@/to associate signing keys to origins/ 08:33:12 q? 08:33:31 ... it's very manual 08:33:44 ... if we have something semi automatic, it could be even better 08:34:31 ... but I think we don't have @@ 08:34:54 [martin summarizes the TAG discussions] 08:35:21 [TAG left] 08:35:58 https://github.com/w3c/miniapp-tests 08:36:11 martin: we should start as soon as possible with tests 08:36:26 ... if we don't have any specific tool for automatin 08:36:31 s/automatin/automation 08:36:43 martin: I propose that we use the current framework 08:36:56 ... we need to start testing the specs 08:37:08 ... this is time consuming 08:37:19 ... I volunteer to help anyone who will test 08:37:34 ... and we can even open this to the community to help us to create tests 08:37:51 ... the next thing is implementations 08:38:03 ... any update on the status of implementations? 08:38:45 Topic: WG re-chartering 08:39:06 martin: as you might know we had some formal objections on the new charter 08:39:24 https://www.w3.org/2002/09/wbs/33280/MiniApps-recharter/results 08:39:48 martin: there were 3 formal objections 08:40:13 ... the first formal objection is about adding more context about the miiniapp ecosystem 08:40:30 ... and previous efforts in the W3C community 08:40:40 ... I agree 08:40:46 ...it's something that we can include 08:40:55 ... iit's part of the hisitory 08:41:18 s/iit's/it's 08:41:41 martin: some of them were abandoned because they did not succeed 08:42:05 ... the second deliverable is about the miniapp components 08:42:16 ... I think that was misunderstood 08:42:29 ... at the time of the review of the recharter 08:42:38 ... it was in a very early stage 08:42:47 ... and it was a bit confusinig 08:42:59 ... now we have inicluded a new revisioni 08:43:08 ... created 12 or 13 new sectionis 08:43:18 ... iit's not our definitioini of components 08:43:30 ... it reuses web components 08:43:38 ... not reiinventiinig the wheel 08:44:18 ... iin this case II think we could speak directly to hiim 08:45:38 xfq: @@ normative 08:46:02 martin: if we want to make iinformative we can avoid any fricgtion witht e web componets community 08:46:16 ... currently it's more or less informative 08:49:20 ... @@ 08:50:52 agree from me 08:52:00 ... so the plan iis to remove it in the WG charter and incubate iit more in the CG for now 08:52:25 ... any more comments form miniapp vendors? 08:53:06 ... any maybe publiish it as a note in the future 08:54:14 ... II think the versoin chaals read was outdated 08:54:25 ... the current versoini is better 08:54:37 ... I think it was jus ta misunderstanding 08:54:56 ... the next objection is i18n 08:55:06 ... we haven't included anythiing wrt i18n 08:55:20 ... we only have an i18n directory 08:56:09 ... I suppose we can find previous art 08:58:09 ... it would be nice to have a conversation with chaals to cover these issues 08:58:19 [Discuss chaals' comments] 08:58:53 Topic: Open discussion on the direction of MiniApps 08:59:12 martin: we have to look at the work of IWA 08:59:24 ... I was in the sessiion on Monday afternoon 08:59:42 ... yesterday there were also some sessions about IWA 08:59:53 ... they have a specific package format 09:00:02 ... based on secure web bundles 09:00:20 ... they also offer the possibility to stream 09:00:29 ... they also use web app manifest 09:00:45 ... with some changes 09:00:50 ... their content security policy is similar 09:01:04 ... and also on how to define these powful APIs 09:01:12 ... I recommend to keep an eye on this work 09:01:22 ... and perhaps having a meeting with them 09:02:10 Topic: Combination of MiniApps and AI 09:02:29 Dan_Zhou: Baidu is refactoring all products to include AI 09:02:35 ... and that includes miniapps 09:02:56 ... we integrated the development environment with a code assistant 09:03:30 [Dan Zhou shares her screen] 09:03:56 Dan_Zhou: Comate is Baidu's code assistant based on LLM 09:04:16 ... it can auto complete and explain code 09:04:28 ... it wlil be publiished later 09:04:59 ... we also developed a answersing system based on LLM for miniapp documents 09:05:19 ... I think in the near future, developing MiniApps can be simpler 09:05:32 ... I think this is a future direction for miniapps 09:06:15 martin: is this public? 09:06:33 ... this could be interesting for developers to develop MiniApps according to our specs 09:07:01 Dan_Zhou: the latest development environment includes Comate 09:07:06 ... but need invite 09:07:15 ... I can invite you to try it 09:07:30 martin: any other topics? 09:09:27 ... we should talk with webapps WG to collaborate on IWA 09:09:41 ... please think about tests 09:09:55 rrsagent, make minutes 09:09:57 I have made the request to generate https://www.w3.org/2023/09/14-miniapp-minutes.html xfq 09:10:19 [Martin summarizes today's meeting] 09:10:25 rrsagent, make minutes 09:10:26 I have made the request to generate https://www.w3.org/2023/09/14-miniapp-minutes.html xfq 09:10:35 Yves has left #miniapp 09:10:45 minyongli has left #miniapp 09:35:39 xiaoqian has joined #miniapp 09:36:40 xfq has joined #miniapp 09:40:30 xfq has left #miniapp 10:52:23 Zakim has left #miniapp 11:19:18 xueyuan_ has joined #miniapp 11:56:35 xueyuan__ has joined #miniapp 12:25:19 xiaoqian has joined #miniapp 12:37:44 xiaoqian_ has joined #miniapp 12:43:35 siusinng__ has joined #miniapp 12:59:37 xiaoqian_ has joined #miniapp 14:58:44 xiaoqian_ has joined #miniapp 14:59:03 sangwhan has joined #miniapp 15:19:36 siusinng__ has joined #miniapp 15:33:31 siusinng__ has joined #miniapp 15:56:28 siusinng__ has joined #miniapp 16:04:56 siusinng__ has joined #miniapp 16:33:26 xueyuan has joined #miniapp 16:41:56 xueyuan has joined #miniapp