IRC log of installing-web-apps-breakout-2024 on 2024-03-12

Timestamps are in UTC.

20:04:31 [RRSAgent]: RRSAgent has joined #installing-web-apps-breakout-2024
20:04:35 [RRSAgent]: logging to https://www.w3.org/2024/03/12-installing-web-apps-breakout-2024-irc
20:04:35 [tpac-breakout-bot]: RRSAgent, do not leave
20:04:35 [tidoust]: tidoust has joined #installing-web-apps-breakout-2024
20:04:37 [tpac-breakout-bot]: RRSAgent, make logs public
20:04:38 [tpac-breakout-bot]: Meeting: Installing web apps as a new platform feature
20:04:38 [tpac-breakout-bot]: Chair: Diego Gonzalez-Zuniga, Amanda Baker
20:04:38 [tpac-breakout-bot]: Agenda: https://github.com/w3c/breakouts-day-2024/issues/17
20:04:38 [Zakim]: Zakim has joined #installing-web-apps-breakout-2024
20:04:39 [tpac-breakout-bot]: Zakim, clear agenda
20:04:39 [Zakim]: agenda cleared
20:04:39 [tpac-breakout-bot]: Zakim, agenda+ Pick a scribe
20:04:40 [Zakim]: agendum 1 added
20:04:40 [tpac-breakout-bot]: Zakim, agenda+ Reminders: code of conduct, health policies, recorded session policy
20:04:41 [Zakim]: agendum 2 added
20:04:41 [tpac-breakout-bot]: Zakim, agenda+ Goal of this session
20:04:42 [Zakim]: agendum 3 added
20:04:42 [tpac-breakout-bot]: Zakim, agenda+ Discussion
20:04:42 [Zakim]: agendum 4 added
20:04:42 [tpac-breakout-bot]: Zakim, agenda+ Next steps / where discussion continues
20:04:45 [Zakim]: agendum 5 added
20:04:45 [tpac-breakout-bot]: tpac-breakout-bot has left #installing-web-apps-breakout-2024
20:37:32 [Kristin]: Kristin has joined #installing-web-apps-breakout-2024
21:23:47 [ambake]: ambake has joined #installing-web-apps-breakout-2024
21:55:55 [koalie]: koalie has joined #installing-web-apps-breakout-2024
21:55:57 [unextro]: unextro has joined #installing-web-apps-breakout-2024
21:56:09 [koalie]: Zakim, agenda?
21:56:09 [Zakim]: I see 5 items remaining on the agenda:
21:56:10 [Zakim]: 1. Pick a scribe [from tpac-breakout-bot]
21:56:10 [Zakim]: 2. Reminders: code of conduct, health policies, recorded session policy [from tpac-breakout-bot]
21:56:10 [Zakim]: 3. Goal of this session [from tpac-breakout-bot]
21:56:11 [Zakim]: 4. Discussion [from tpac-breakout-bot]
21:56:11 [Zakim]: 5. Next steps / where discussion continues [from tpac-breakout-bot]
21:57:17 [McCool_]: McCool_ has joined #installing-web-apps-breakout-2024
21:58:26 [koalie]: present+ Coralie
21:58:39 [Dingwei__]: Dingwei__ has joined #installing-web-apps-breakout-2024
21:58:49 [Dingwei__]: Present+
21:59:08 [xiaoqian]: xiaoqian has joined #installing-web-apps-breakout-2024
22:01:59 [MasakazuKitahara]: MasakazuKitahara has joined #installing-web-apps-breakout-2024
22:03:34 [koalie]: -> https://github.com/w3c/breakouts-day-2024/issues/17 Installing web apps as a new platform feature
22:04:27 [adamscott_]: adamscott_ has joined #installing-web-apps-breakout-2024
22:04:39 [adamscott_]: adamscott_ has joined #installing-web-apps-breakout-2024
22:04:59 [rbyers]: rbyers has joined #installing-web-apps-breakout-2024
22:05:01 [adamscott]: adamscott has joined #installing-web-apps-breakout-2024
22:05:12 [Howard_Wolosky]: Howard_Wolosky has joined #installing-web-apps-breakout-2024
22:07:12 [Kristin]: Kristin has joined #installing-web-apps-breakout-2024
22:07:14 [marcosc_]: marcosc_ has joined #installing-web-apps-breakout-2024
22:07:20 [Natasha_Gaitonde]: Natasha_Gaitonde has joined #installing-web-apps-breakout-2024
22:07:34 [koalie]: scribenick: koalie
22:08:09 [koalie]: [Diego introduces the session, reminds of code of conduct, antitrust policy]
22:08:23 [koalie]: Diego: I'd like to record this session
22:08:34 [koalie]: ... just the presentation. any objection?
22:08:40 [adamscott]: present+
22:08:44 [koalie]: [none]
22:09:01 [koalie]: Diego: hold questions till the end, please
22:09:25 [koalie]: ====
22:09:34 [koalie]: Zakim, take up item 3
22:09:34 [Zakim]: agendum 3 -- Goal of this session -- taken up [from tpac-breakout-bot]
22:09:46 [koalie]: Diego: we want to present a solution
22:09:48 [koalie]: ... discuss it
22:09:56 [koalie]: ... implementers, developers might be on this session
22:10:17 [koalie]: ... and get as much feedback as we can on the future API
22:10:34 [koalie]: ====
22:11:02 [koalie]: Diego: at the moment we have advanced APIs that enable desktop ux on web apps
22:11:15 [koalie]: ... and we have certain apps that can be distributed through stores
22:11:21 [koalie]: ... we're thinking about installing those
22:11:25 [koalie]: ... Web apps are not new
22:11:30 [koalie]: ... they've existed for a while
22:11:43 [koalie]: ... the web platform at the moment is unable to install content on its own
22:11:58 [koalie]: ... we have limited distribution of web apps, content subject to the rules of app catalog
22:12:10 [koalie]: ... we want to democratize app distribution
22:12:27 [koalie]: ... before we dive into the API and installation, I want to dive into what it means to install
22:12:47 [koalie]: ... think about how this would be integrated with the OS
22:12:59 [koalie]: ... there's also the option to get an icon on the home screen of the device
22:13:10 [koalie]: ... the concept is what you get on firefox and androi devices
22:13:46 [koalie]: ====
22:13:51 [koalie]: Diego: Install criteria
22:14:15 [koalie]: ... for something to be installable the API must support PWA on Chromium and all the web content on webkit
22:14:33 [koalie]: ... install can mean different things
22:14:51 [koalie]: ... the solution https://aka.ms/webinstall
22:14:57 [koalie]: ... is where you'll find the explainer
22:15:16 [koalie]: ... the idea is that basically we're allowing the platform same- cross- origincontent
22:15:38 [koalie]: ... or it can be a more elegant solution
22:15:52 [koalie]: ... there's an ongoing TAG review (#888)
22:16:06 [koalie]: ... we've filed for positiion statements from Webiit and gecko
22:16:40 [koalie]: ... the more common use-case: creation of online app catalogs
22:16:44 [npdoty_]: npdoty_ has joined #installing-web-apps-breakout-2024
22:17:10 [koalie]: ... or installs apps from the search engine results page
22:17:18 [koalie]: ... both improve discoverability
22:17:27 [koalie]: ... this is a promise-based method
22:17:43 [koalie]: ... it resolves if an app is installed and rejects errors
22:18:08 [koalie]: ... the parameters are manifest_id, install_url and optional object
22:18:18 [koalie]: ... the former is what to install, the latter is where to find it
22:18:22 [koalie]: ... we'll talk more about this
22:18:41 [koalie]: ... just know that if these do not exsit or aren't supported, they have fallback
22:18:50 [koalie]: ... so that it works on as many platforms
22:19:06 [koalie]: [Amanda Baker takes over]
22:19:30 [koalie]: Amanda: the goals are to enable installation of web apps
22:19:42 [koalie]: ... [diagram of the flow; hand-drawn]
22:20:03 [koalie]: ... the app can request installation
22:20:26 [koalie]: ... not much is downloaded yet
22:20:32 [koalie]: ... it passes params
22:20:45 [koalie]: ... for the same-orig. case, there's a way to use same params
22:20:57 [koalie]: ... e.g. current document that is used as manifest and URL
22:21:35 [koalie]: ... for a cross-origin install the goals are the same: install. enable, suppress spamming, track acquisition
22:21:51 [koalie]: ... [hand-drawn diagram on screen]
22:22:00 [koalie]: ... user gives perm to the site for install, prompted to install
22:22:06 [koalie]: ... you get your locally installed app
22:22:26 [koalie]: ... the cross-origin is the same as before but both files need to be present
22:22:30 [koalie]: ====
22:22:34 [koalie]: Amanda: make it safe
22:23:11 [koalie]: ... permissions are not auto-granted to install apps
22:23:28 [koalie]: ...we respect same origin security model
22:23:31 [koalie]: ... confirmation by user
22:24:07 [koalie]: ... user activation does gating throughout the installation
22:24:21 [koalie]: ... for x-installation specification the insulation source has to request a permission
22:24:26 [koalie]: ... to prevent sites from spamming
22:24:38 [koalie]: ... if the user doesn't accept, the user won't be prompted to install
22:24:51 [koalie]: ... avoiding installation that isn't wanted
22:24:55 [koalie]: ====
22:25:00 [koalie]: Amana: install_sources
22:25:06 [koalie]: ... this protects the app
22:25:20 [koalie]: ... it allows the target to gate which app stores
22:25:34 [koalie]: ... by default, installation from all sources is disabled
22:25:42 [koalie]: ... the app can allow certain stores
22:25:53 [koalie]: ====
22:26:01 [koalie]: Amanda: US's install confirmation prompt
22:26:20 [koalie]: ... confirmation is needed, the UA needs a confirmation prompt
22:27:16 [koalie]: [Alex Kyereboah takes over]
22:27:42 [koalie]: Alex: the acquisition provider
22:28:07 [koalie]: ... capability to track is limited to the provider
22:28:20 [koalie]: ... the provider has a property
22:28:25 [koalie]: ... returns information
22:28:44 [koalie]: ... attribution id is used to track which marketing campaign was used for the installation
22:28:58 [koalie]: ====
22:29:24 [koalie]: Alex: the current proposal
22:29:43 [koalie]: ... referral info
22:29:56 [koalie]: [Diego takes over]
22:30:08 [koalie]: Diego: Thanks Amanda and Alex. Open discussion
22:30:30 [koalie]: Diego: we have 20 minutes in front of us
22:30:38 [koalie]: ... we gave you an overview of the web install AOI
22:30:49 [koalie]: s/AOI/API/
22:31:13 [adamscott]: q+ About the security model and cross-origin isolation
22:31:16 [koalie]: ... if you have questions, concerns, feedback, please
22:31:21 [adamscott]: q+ to talk about the security model and cross-origin isolation
22:31:34 [koalie]: ack next
22:31:35 [Zakim]: adamscott, you wanted to talk about the security model and cross-origin isolation
22:31:41 [rbyers]: q+
22:31:42 [koalie]: q+ nick
22:31:53 [koalie]: Adam_Scott: great presentation
22:32:32 [koalie]: ... what about the security model and cross-orig. security-wise between this and PWA?
22:32:36 [koalie]: ... is this metadata?
22:32:45 [koalie]: ... I work for the godot game engine
22:32:58 [koalie]: ... x-org. protection allows us to @@
22:33:04 [koalie]: ... that helps us to isolate
22:33:22 [koalie]: ... if a website can install small games, accept to more feature requires security
22:33:31 [koalie]: q+ Matthieu_Pheulpin
22:33:51 [koalie]: Diego: in the case of the Chromium implementation of web apps there isn't isolation
22:34:09 [koalie]: ... in that sense it wouldn't change what you can do already: installing a PWA from the browser
22:34:28 [koalie]: ... a permission would be set and taken to the origin's permission site
22:34:37 [koalie]: ... the model that exists for PWA isn't changed
22:34:50 [koalie]: ... we want to provide a way for developers to install web content
22:34:58 [koalie]: ... that is deemed installable on any engine
22:35:14 [koalie]: q- ma
22:35:55 [koalie]: Diego: there are presentations that you can look at. the core here is getting content from the web installed on a device as a link or somethine else
22:35:58 [koalie]: ack nick
22:36:14 [koalie]: Nick_Doty: Center for Democracy Technology
22:36:21 [koalie]: ... concern about the cross-origin
22:36:41 [koalie]: ... what's the benefit for the user regarding unvetted stores
22:36:54 [koalie]: ... seems like it opens up surface for phishing attacks
22:37:34 [koalie]: ... clicking names that people recognise is risky, may undermine the security model we have on the web
22:37:47 [koalie]: Diego: It's a valid concern
22:38:19 [koalie]: ... it's one of the reasons why we not only leave the responsibility to the webiste but also to try to allow the PWA to say "I want to be installed by xyz"
22:38:43 [koalie]: ... some devrel and ecosystem training, talking to developers may be needed
22:38:50 [koalie]: ... as we work with stores
22:38:58 [koalie]: ... we thought a lot about this
22:39:10 [koalie]: ... if you have ideas we should take into account we value your input
22:39:17 [koalie]: q+ mathieu_pheulpin
22:39:31 [koalie]: Amanda: one place where we provide more information is the install prompt
22:39:43 [koalie]: ... we don't provide info on the origin
22:39:53 [koalie]: ... I haven't checked many other platforms and browsers
22:40:06 [koalie]: ... Diego called out sources as protection but that would not address the phishing that Nick mention
22:40:13 [koalie]: ... e.g., taking the user to gmail,
22:40:24 [koalie]: Diego: flashing for a couple a seconds and disappear
22:40:36 [koalie]: ... @@ available for the application menu
22:40:44 [koalie]: ... if there's more we could be doing, let us know
22:40:49 [koalie]: ack rick
22:40:52 [koalie]: ack rb
22:40:59 [koalie]: Rick_Byers: Google Chrome
22:41:03 [Howard_Wolosky]: Amendment: Both Chrome and Edge show the origin attempted to be installed in the installation prompt.
22:41:22 [koalie]: ... in the x-or case, you said something about the known permission model
22:41:28 [koalie]: ... it's a significant mitigation
22:41:34 [koalie]: ... I'm worried about push notifications
22:41:40 [koalie]: ... google screwed up those
22:42:01 [koalie]: ... still being explored but permission elements (pepsi)
22:42:07 [koalie]: ... we've concluded that
22:42:18 [rbyers]: https://github.com/WICG/PEPC/blob/main/explainer.md
22:42:38 [koalie]: Rick: if pepsi succeeds it feels like it would apply here
22:43:02 [koalie]: ... we should have used a dom even not an API for push notifications
22:43:23 [koalie]: Diego: this will have to play a role; I'm familiar but haven't followed pepsi
22:43:29 [koalie]: s/pepsi/PEPC/G
22:43:32 [koalie]: ack m
22:43:45 [koalie]: Morgan_and_Matthieu: hi from @@
22:43:54 [koalie]: ... I wanted to add a comment on x-or trust
22:44:00 [koalie]: ... there are two sides to the coin
22:44:18 [koalie]: ... spoofing and trust not yet given
22:44:31 [koalie]: ... there's value to develop credibility and trust for not-yet-known brands
22:44:36 [koalie]: ... with 3rd party repo
22:44:40 [unextro]: q+
22:44:46 [koalie]: ... of course trust has to be developed in the first place
22:44:50 [koalie]: ... but the model makes sense
22:44:59 [rbyers]: q-
22:45:09 [koalie]: ack unextro
22:45:29 [koalie]: Ondrej_Pokorny_(unextro): not affiliated
22:45:37 [koalie]: ... I had the same reaction as Nick
22:46:03 [koalie]: ... my question for x-or use-case what is the benefit for the users to imitate stores?
22:46:24 [koalie]: q+ Dan_Murphy
22:46:33 [koalie]: Ondrej: you end up waiting a long time
22:47:08 [koalie]: Diego: try before you buy is something we discussed
22:47:11 [koalie]: ... we could do
22:47:40 [koalie]: ... if there's a way to enable distribution of applications then that's a valid option
22:48:16 [koalie]: ... it would be insteresting to have a declarative way of installing
22:48:21 [koalie]: ... e.g. an html tag
22:48:35 [koalie]: ... I think the flow of the installation is pretty much up to the implementer
22:49:05 [koalie]: ... we're thinking of the use-cases if there a search engine, stores, links to PWAs
22:49:15 [koalie]: ... maybe an open office, an open slide
22:49:21 [koalie]: ... and an app gets installed
22:49:33 [koalie]: ... if there's enough support for that we'd be open to creating it
22:49:48 [koalie]: q- D
22:50:04 [koalie]: Zakim, agenda?
22:50:04 [Zakim]: I see 5 items remaining on the agenda:
22:50:07 [Zakim]: 1. Pick a scribe [from tpac-breakout-bot]
22:50:07 [Zakim]: 2. Reminders: code of conduct, health policies, recorded session policy [from tpac-breakout-bot]
22:50:07 [Zakim]: 3. Goal of this session [from tpac-breakout-bot]
22:50:07 [Zakim]: 4. Discussion [from tpac-breakout-bot]
22:50:07 [Zakim]: 5. Next steps / where discussion continues [from tpac-breakout-bot]
22:50:22 [koalie]: Zakim, take up item 5
22:50:22 [Zakim]: agendum 5 -- Next steps / where discussion continues -- taken up [from tpac-breakout-bot]
22:51:02 [koalie]: Diego: aka.ms/WebInstall
22:51:19 [koalie]: RRSagent, make minutes
22:51:21 [RRSAgent]: I have made the request to generate https://www.w3.org/2024/03/12-installing-web-apps-breakout-2024-minutes.html koalie
22:52:36 [koalie]: i|Diego: at the moment |Topic: Presentation|
22:52:57 [koalie]: i|Diego: Thanks Amanda and Alex. |Topic: Discussion|
22:54:09 [koalie]: i|RRSagent, make minutes|... feel free to find us on GitHub following the link above|
22:54:12 [koalie]: RRSagent, make minutes
22:54:13 [RRSAgent]: I have made the request to generate https://www.w3.org/2024/03/12-installing-web-apps-breakout-2024-minutes.html koalie
22:57:25 [koalie]: present: Diego_Gonzalez, Amamda_Baker, Alex_Kyereboah, Coralie_Mercier, Ding_Wei, Nick_Doty, Adam_Scott, Morgan-and-Mathhieu, Ondrej_Pokorny, Rick_Byers, Howard_Wolosky, Dan_Murphy
22:58:11 [koalie]: RRSagent, make minutes
22:58:12 [RRSAgent]: I have made the request to generate https://www.w3.org/2024/03/12-installing-web-apps-breakout-2024-minutes.html koalie
23:02:28 [koalie]: s|Diego: aka.ms/WebInstall|Diego: for next steps, find info at https://aka.ms/webinstall|
23:03:20 [koalie]: s|(#888)|https://github.com/w3ctag/design-reviews/issues/888#issuecomment-1734131209|
23:03:32 [koalie]: s/Webiit/webkit/
23:03:49 [koalie]: s/or installs apps/or install apps/
23:04:22 [koalie]: s/object/objects/
23:04:41 [koalie]: s/exsit/exist/
23:05:19 [koalie]: s/Diego introduces/Diego Gonzalez introduces/
23:06:30 [koalie]: s/====//
23:06:31 [koalie]: s/====//G
23:07:02 [koalie]: s/specification/specifically/
23:07:34 [koalie]: s/US's/UA's/
23:09:19 [koalie]: s/unvetted stores/unvetted stores?/
23:09:42 [koalie]: s/webiste/website/G
23:10:23 [koalie]: s/gmail,/gmail/
23:11:43 [koalie]: present+ Natasha_Gaitonde
23:12:36 [koalie]: s/dom even/DOM event/
23:13:00 [koalie]: s/Mathhieu/Matthieu/
23:13:58 [koalie]: s/e.g./e.g.,/G
23:14:08 [koalie]: s/html tag/HTML tag/
23:14:30 [koalie]: RRSagent, make minutes
23:14:31 [RRSAgent]: I have made the request to generate https://www.w3.org/2024/03/12-installing-web-apps-breakout-2024-minutes.html koalie
23:15:00 [koalie]: s/Amana:/Amanda:/
23:15:15 [koalie]: RRSagent, make minutes
23:15:16 [RRSAgent]: I have made the request to generate https://www.w3.org/2024/03/12-installing-web-apps-breakout-2024-minutes.html koalie
23:15:41 [koalie]: s/Amamda/Amanda/G
23:15:42 [koalie]: RRSagent, make minutes
23:15:44 [RRSAgent]: I have made the request to generate https://www.w3.org/2024/03/12-installing-web-apps-breakout-2024-minutes.html koalie
23:23:29 [koalie]: RRSAgent, stay
23:23:44 [koalie]: Zakim, bye
23:23:44 [Zakim]: leaving. As of this point the attendees have been Diego_Gonzalez, Amamda_Baker, Alex_Kyereboah, Coralie_Mercier, Ding_Wei, Nick_Doty, Adam_Scott, Morgan-and-Mathhieu,
23:23:44 [Zakim]: Zakim has left #installing-web-apps-breakout-2024
23:23:47 [Zakim]: ... Ondrej_Pokorny, Rick_Byers, Howard_Wolosky, Dan_Murphy, Natasha_Gaitonde