Apps/WebRT/TechQuestions
Open Questions for WebRT:
Contents
Should applications have the same HTTP proxy, firewall, certificate settings as Firefox?
Should applications write history events into the same history log used by Firefox? Should they receive their own, independent, history stream? Or no history?
Should applications live in the same cookie context as Firefox and all other applications?
Should applications have the same local storage context as Firefox?
Interactions with master password
Applications could cause a master password login; best-case, this should be done in a way that the password is never entered into the application's event stream.
Platform Effort Matrix
For each platform, we assess a native-feeling install, launch, and uninstall.
Windows Classic:
- Install:
- Launch:
- Uninstall:
Android:
- Install:
- Launch:
- Uninstall:
MacOS:
- Install:
- Launch:
- Uninstall:
Windows Metro:
- Install:
- Launch:
- Uninstall:
Arguments
If Cookies and Local Storage are shared:
- The user stays signed on to all their services across Firefox and Apps
- Switching to another user changes Firefox as well
- There is no way to have two copies of the app open as different users
- Deleting cookies in Firefox will cause the app to become depersonalized
If History is shared:
- Firefox can revisit application state - this is a strange interaction
If Network Configuration is NOT shared:
- Apps will sometimes break, badly, because of a change to the user's ambient network environment
- Advanced users will be able to connect an app to the network in a different way than the rest of their client environment, e.g. for VPN access.
mhanson's opinions
In my perfect world, I would argue for:
- Cookies and local storage are not shared
- A mechanism exists to provide single-sign-on into apps that works despite cookies and localStorage not being shared; perhaps this mechanism can be used more broadly to enable other forms of app-to-browser state sharing.
- History is never shared
- Network configuration is shared by default, but an advanced mode exists to unlink it.
User Stories
(these are fairly advanced users, but their feedback is earnest and pointed)
User 1: FWIW, I'm a webrunner user and I use (well, used, as it's now broken) it for exactly the use cases Matt described. I ran my Google Apps as one webrunner app and my Gmail/Google+ as a separate webrunner app, both separate from my browser. For this, I needed separate profiles, separate cookies, and it was very useful to have separate extensions in each, as this gave me greasemonkey-like customization of Google Apps with better performance. I could care less about bookmarks as I do all my browsing in my Firefox instance. The most important thing for me was that they're separate profiles that don't talk to one another. Memory consumption was of little importance, more important was that they had their own icon, could be associated with actions like clicking on mailto: links, etc.
I don't know what I'm going to do now to handle multiple Google account without constantly switching. (sad face)
User 2: I'll just chime in here as another Prism/Webrunner orphan who has similar requirements. We use Prism/Webrunner for our intranet web application, and having it isolated from web browser is pretty important. One argument not mentioned so far is the ability to set up different firewall rules for browser, and different for Webrunner.