Changes


Apps/Security

112 bytes removed, 15:24, 11 July 2012
Format for trusted and certified apps
We need an application delivery mechanism that provides assurances on app integrity and authenticity, and also allows for well-defined application & privilege scope enforcement so integrity can be maintained at runtime.
Removed text:
We will extend the appcache manifest to include hashes of all the app core assets (HTML, JS, CSS, media). App store authenticates and reviews all assets against this manifest, verifying that the rationale provided for explicit permissions meets the app behavior. Both manifests are then signed by the app store, and verified by the client at install time.
This proposal allows app assets to still live on website, but have many of the benefits of code signing. It requires developers to keep different versions separate on their site as they may have different versions circulating in the wild, and a hash mismatch will result in installation failure.
Added text:
Apps will be packaged within a zip file format, along with the OWA manifest and a signature. This package will be provided to the app store for the review, which will then sign it upon approval. Upon installation, the client will verify that the signature is valid and chains to a trusted app store.
Trusted and certified apps will be accessed via a unique scheme (app://). The domain will correspond to the source of the app. For example, if an app is from "mozilla.org" the corresponding URI for the app would be "app://mozilla.org".
==Open questions==
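Review bot: the added packaging paragraph says the client verifies that "the signature is valid and chains to a trusted app store" but never states what the signature covers, whereas the removed text tied integrity to "hashes of all the app core assets". Suggest stating that the signature covers every file in the zip, including the OWA manifest, so that a file added to or swapped inside a signed package fails verification at install. The app:// paragraph has a related gap: it says the domain "will correspond to the source of the app" without saying how that source is established, so it should specify that the domain is taken from signed package content and is checked by the store during review.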