Difference between revisions of "Isolated Web App"
Revision as of 18:29, 14 September 2022
Full Title or Meme
An Isolated Web App is packaged into a Web Bundle, signed by its developer, and distributed to end-users.
Context
Isolated Web Apps extend Progressive Web App installation and Web Packaging to provide stronger protection against server compromise and other tampering. A small set of security-sensitive applications require this to migrate from Chrome Apps, Electron, or other web-adjacent solutions.
Rather than being hosted on live web servers and fetched over HTTPS, these applications are packaged into Web Bundles, signed by their developer, and distributed to end-users through one or more of the potential methods described in the explainer.
Blink component: UI>Browser>WebAppInstalls>Isolated (component request filed)
Explainer: https://github.com/reillyeon/isolated-web-apps/blob/main/README.md
Motivation
Content Security Policy (CSP) provides strong protection against cross-site scripting (XSS) vulnerabilities. Transport Layer Security (TLS) and Subresource Integrity (SRI) protect resources against tampering in transit or when hosted on third-party servers. However, the threat model for some particularly security-sensitive applications includes the main application server itself being compromised and serving malicious content. This goes beyond the protections that current policies can provide and requires exploring alternative ways that these applications could be distributed and validated.
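The contrast above between SRI and a developer-signed bundle, as an added example that is not part of the original page or of the Isolated Web Apps project: the SRI check passes whenever the origin that serves the HTML also serves the script, so a compromised origin defeats it, while a signature over the whole payload verified against a key the client already trusts does not depend on any server. The bundle model here is a deliberately simplified stand-in (one Ed25519 signature over the payload), not the real Web Bundle format.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha512"
	"encoding/base64"
)

// SRIDigest computes a Subresource Integrity value as a browser does:
// "sha384-" plus the base64 of SHA-384 over the resource bytes.
func SRIDigest(resource []byte) string {
	sum := sha512.Sum384(resource)
	return "sha384-" + base64.StdEncoding.EncodeToString(sum[:])
}

// SRIOK mirrors the browser check: the fetched resource must match the
// integrity attribute in the page's HTML, which itself comes from the origin.
func SRIOK(resource []byte, integrity string) bool {
	return SRIDigest(resource) == integrity
}

// CompromisedOriginPassesSRI is the gap in that threat model: an attacker who
// controls the origin serves a tampered script together with HTML whose
// integrity attribute was recomputed for it, so the SRI check still passes.
func CompromisedOriginPassesSRI(tampered []byte) bool {
	return SRIOK(tampered, SRIDigest(tampered))
}

// NewDevKey creates the developer's signing key pair (assumed Ed25519 here).
func NewDevKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// SignBundle is the developer's offline step: one signature over the whole
// application payload (a simplified model of a signed Web Bundle, not the
// real format). The signing key never has to reach a web server.
func SignBundle(priv ed25519.PrivateKey, payload []byte) []byte {
	return ed25519.Sign(priv, payload)
}

// BundleOK is the installer's check: the signature must verify under a key the
// client already trusts, so a server that rewrites the payload cannot re-sign it.
func BundleOK(pub ed25519.PublicKey, payload, sig []byte) bool {
	return ed25519.Verify(pub, payload, sig)
}
```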