On 7/11/24 8:41 PM, Robbie McElrath wrote:
Contact emails
rmcelr...@chromium.org, reil...@chromium.org
Explainer
https://github.com/WICG/isolated-web-apps/blob/main/README.md
<https://github.com/WICG/isolated-web-apps/blob/main/README.md>
Specification
https://wicg.github.io/isolated-web-apps/isolated-contexts
<https://wicg.github.io/isolated-web-apps/isolated-contexts>
Summary
Isolated Web Apps (IWAs) are an extension of existing work on PWA
installation and Web Packaging that provide stronger protections
against server compromise and other tampering that is necessary for
developers of security-sensitive applications.
Rather than being hosted on live web servers and fetched over HTTPS,
these applications are packaged into Web Bundles and signed by their
developer. For this initial launch, installation can only be triggered
by enterprise policy on managed devices.
Blink component
Blink <https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink>
TAG review
https://github.com/w3ctag/design-reviews/issues/842
<https://github.com/w3ctag/design-reviews/issues/842>
TAG review status
Pending
Risks
Interoperability and Compatibility
Gecko: No signal
(https://github.com/mozilla/standards-positions/issues/799
<https://github.com/mozilla/standards-positions/issues/799>)
WebKit: No signal
(https://github.com/WebKit/standards-positions/issues/184
<https://github.com/WebKit/standards-positions/issues/184>)
Web developers: Several companies have reached out asking about IWA
availability (can’t name them publicly), the iwa-...@chromium.org
<https://groups.google.com/u/1/a/chromium.org/g/iwa-dev>list is
active, and there’s been some interest
<https://github.com/WICG/isolated-web-apps/issues/26>in the WICG repo.
Other signals:
WebView application risks
Does this intent deprecate or change behavior of existing APIs, such
that it has potentially high risk for Android WebView-based applications?
N/A. Feature not compiled in Android.
Debuggability
Are there any things that an IWA needs that DevTools can't currently do?
Will this feature be supported on all six Blink platforms
(Windows, Mac, Linux, ChromeOS, Android, and Android WebView)?
No, the initial launch is scoped to ChromeOS only.
Is this feature fully tested by web-platform-tests
<https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md>?
No, IWAs are built on top of PWA infrastructure, which isn’t currently
supported by WPT.
Flag name on chrome://flags
#enable-isolated-web-apps
Finch feature name
IsolatedWebApps
Requires code in //chrome?
True
Launch bug
https://launch.corp.google.com/launch/4234446
<https://launch.corp.google.com/launch/4234446>
Measurement
We have histograms measuring the following (see WebApp.Isolated.*):
*
Installation result
*
Update result
*
Orphaned bundle cleanup job result
*
Bundle verification (signature and file format) result
*
Bundle resource read result
Availability expectation
Initially only available on ChromeOS, with other platforms following
at a later date.
Adoption expectation
Expected to be used initially by a small number (<10) number of
partners, but any enterprise admin could develop and deploy an IWA if
they choose.
Adoption plan
Working directly with partners for whom IWAs are an appropriate solution.
Non-OSS dependencies
Key rotations are handled by the Component Updater, which receives
Google-managed configuration data.
Sample links
https://github.com/GoogleChromeLabs/telnet-client
<https://github.com/GoogleChromeLabs/telnet-client>
https://github.com/WICG/controlled-frame/tree/main/test_app
<https://github.com/WICG/controlled-frame/tree/main/test_app>
Estimated milestones
Shipping on desktop
128
Anticipated spec changes
Open questions about a feature may be a source of future web compat or
interop issues. Please list open issues (e.g. links to known github
issues in the project for the feature specification) whose resolution
may introduce web compat/interop risk (e.g., changing to naming or
structure of the API in a non-backward-compatible way).
We recently added support for Integrity Block v2 to Signed Web
Bundles, which hasn’t been spec’d yet. We’re supporting both Integrity
Block formats for a few releases while partners migrate before
dropping support for v1.
Can you say more about this please? Or is there an issue or explainer to
read for more context? Is there a plan to do the spec work?
Link to entry on the Chrome Platform Status
https://chromestatus.com/feature/5146307550248960
<https://chromestatus.com/feature/5146307550248960>
Links to previous Intent discussions
Intent to prototype:
https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAEmk%3DMayyUjocrvyQKgu-bZy_4z5VJ0ijHCAijBTZY2xLwJpJQ%40mail.gmail.com
<https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAEmk%3DMayyUjocrvyQKgu-bZy_4z5VJ0ijHCAijBTZY2xLwJpJQ%40mail.gmail.com>
This intent message was generated by Chrome Platform Status
<https://chromestatus.com/>.
--
You received this message because you are subscribed to the Google
Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to blink-dev+unsubscr...@chromium.org.
To view this discussion on the web visit
https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CANtkjcS1A2rO%2BvHnnPXqc6sxhjenearhCGx9vxt%2BcKqM5otDfA%40mail.gmail.com
<https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CANtkjcS1A2rO%2BvHnnPXqc6sxhjenearhCGx9vxt%2BcKqM5otDfA%40mail.gmail.com?utm_medium=email&utm_source=footer>.
--
You received this message because you are subscribed to the Google Groups
"blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to blink-dev+unsubscr...@chromium.org.
To view this discussion on the web visit
https://groups.google.com/a/chromium.org/d/msgid/blink-dev/d31f1032-fafd-432d-be31-65d22aada7f9%40chromium.org.
