Labs/Apps/Browser Native Repositories
Browser-native implementations can take deeper security measures, and integrate more with desktop and mobile operating systems, than a pure web-content dashboard. We propose that experimental integration with browser-native functions be organized under a "window.navigator.apps" object. New methods can be attached at this point and made available, in a limited way, to browser-native or web-based application dashboards.
Specific directions for browser integration include:
- Implementation of an installed application repository that resides in secure, tamper-evident desktop storage (e.g. with a digital signature), with a more secure installation flow.
- Ability to launch applications into an "app tab" or "pinned tab" that has a fixed location in the tab bar, or in a separate process with its own icon, menu-bar, etc.
- Access to OS-level notification systems - see Labs/Apps/Notifications.
- Use of the capabilities field of the manifest for integration with browser-based permission APIs, including camera, microphone, geolocation, storage, file access, and cross-domain network access - see the W3C Device APIs and Policy working group, especially the Permissions for Device API Access working draft, for some current work on this.
- Ability to launch applications into a "chromeless" mode (with no toolbars, location bar, or forward or backward buttons).
- Ability to launch web workers to perform background processing or notification polling.
- Integration with push-based notification or message delivery systems.
Any access to browser or OS-level functionality should require a more stringent installation step, and may require verification of the manifest - see Security and Privacy Considerations.