Difference between revisions of "Isolated Web App"

From MgmtWiki
Jump to: navigation, search
(Created page with "==Full Title or Meme== An Isolated Web App is packaged into Web Bundles, signed by their developer, and distributed to end-users. ==Context== Isolated Web Apps extend Pro...")
 
(Context)
 
Line 3: Line 3:
  
 
==Context==
 
==Context==
Isolated Web Apps extend Progressive Web App installation and Web Packaging to provide stronger protection against server compromise and other tampering.  A small set of security-sensitive applications require this to migrate from Chrome Apps, Electron, or other web-adjacent solutions.
+
Isolated Web Apps extend [[Progressive Web App]] installation and Web Packaging to provide stronger protection against server compromise and other tampering.  A small set of security-sensitive applications require this to migrate from Chrome Apps, Electron, or other web-adjacent solutions.
  
 
Rather than being hosted on live web servers and fetched over HTTPS, these applications are packaged into Web Bundles, signed by their developer, and distributed to end-users through one or more of the potential methods described in the explainer.
 
Rather than being hosted on live web servers and fetched over HTTPS, these applications are packaged into Web Bundles, signed by their developer, and distributed to end-users through one or more of the potential methods described in the explainer.
Line 12: Line 12:
 
Explainer
 
Explainer
 
https://github.com/reillyeon/isolated-web-apps/blob/main/README.md
 
https://github.com/reillyeon/isolated-web-apps/blob/main/README.md
 
  
 
==Motivation==
 
==Motivation==

Latest revision as of 17:29, 14 September 2022

Full Title or Meme

An Isolated Web App is packaged into Web Bundles, signed by their developer, and distributed to end-users.

Context

Isolated Web Apps extend Progressive Web App installation and Web Packaging to provide stronger protection against server compromise and other tampering. A small set of security-sensitive applications require this to migrate from Chrome Apps, Electron, or other web-adjacent solutions.

Rather than being hosted on live web servers and fetched over HTTPS, these applications are packaged into Web Bundles, signed by their developer, and distributed to end-users through one or more of the potential methods described in the explainer.

Blink component UI>Browser>WebAppInstalls>Isolated (component request filed)

Explainer https://github.com/reillyeon/isolated-web-apps/blob/main/README.md

Motivation

Content Security Policy (CSP) provides strong protection against cross-site scripting (XSS) vulnerabilities. Transport Layer Security (TLS) and Subresource Integrity (SRI) provide protection against resources being tampered with in transit or when hosted on third-party servers. However, the threat model for some particularly security sensitive applications includes the main application server itself being compromised and serving malicious content. This goes beyond the protections that current policies can provide and requires exploring alternative ways that these applications could be distributed and validated.

References