Web App

From MgmtWiki
Revision as of 08:59, 19 October 2020 by Tom (talk | contribs) (Internal Material)

Jump to: navigation, search

Full Title or Meme

A digital User Experience that is operating on a User Device and is typically supplied by the Web Site. Also known as a Progressive Web Application (PWA).

Context

  • As the functionality of the Web Browsers and HTML 5 becomes ever more capable, a Web Site can generate a Web App entirely within the browser.
  • There is no real demarcation between a Web Site and a Web App except for the existence of a Web App Manifest.
  • Typically the Native App will run on a User Device in the user's physical possession, but it is possible that the agent is running on a service in The Cloud.
  • The Native App may act like a browser and supply an HTTP user agent string, but it should not be considered to be a User Agent.
  • The Native App may act like a web server by registering Native App URI Handlers so that it will receive registered URLs entered into the browser.

Problems

  • The user will be hard pressed to distinguish between a Web App and a Native App which is a problem as the operating of the environment of the Web App is constrained by the browser that is selected by the user, while the Native App can ask for access to device capabilities that are not available to the Web App.

Solutions

Security

  • Web apps can be downloaded by the web site at any time. To be labeled as an app by the device, the user will be asked to allow that. One it is allowed, the app can be updated at any time by the web site.
  • WebCrypto was enabled in Chrome 37 2014-08-26.
  • Web Cryptography was enabled on webkit for Apple Safari and related packages on 2017-07-21.
  • It is not at all clear if hardware protection is provided for keys created by web apps. See the spec.
    While it is assumed that most user agents will be interacting with a cryptographic provider that is implemented purely in software, it is not required by this specification. As a result, the capabilities of some implementations may be limited by the capabilities of the underlying hardware, and, depending on how the user has configured the underlying cryptographic library, this may be entirely opaque to the User Agent.

References

Internal Material

  1. Apps on User Devices wiki page comparing web app and native app issues
  2. Native App Security page in this wiki
  3. Native App Privacy page in this wiki
  4. W3C page on web apps best practices as of (2010-12-10).
  5. Progressive Web App page in this wiki

External Material

  1. Web APIs When writing code for the Web, there are a great many Web APIs available. The link contains a list of all the APIs and interfaces (object types) that you may be able to use while developing your Web app or site. Web APIs are typically used with JavaScript, although this doesn't always have to be the case.]