Isolated Web Apps

[reillyeon]

WebKittens

@marcoscaceres @dcrousso

Title of the spec

Isolated Web Apps

URL to the spec

https://github.com/WICG/isolated-web-apps/blob/main/README.md

URL to the spec's repository

https://github.com/WICG/isolated-web-apps

Issue Tracker URL

No response

Explainer URL

No response

TAG Design Review URL

https://github.com/w3ctag/design-reviews/issues/842

Mozilla standards-positions issue URL

https://github.com/mozilla/standards-positions/issues/799

WebKit Bugzilla URL

No response

Radar URL

No response

Description

This proposal provides a way to build applications using web technologies that will have useful security properties unavailable to normal web pages. To enable stronger security these applications are packaged into Web Bundles, signed by their developer, and distributed to end-users through one or more of the potential methods described in the explainer.

The explainer is divided into 4 documents:

• The main explainer covers the overall goals of the proposal.
• The scheme explainer covers the design of the proposed isolated-app:// scheme.
• The permissions explainer covers an addition to the Web Application Manifest which allows a minimum Permissions Policy to be applied to the entire application.
• The updates explainer covers how applications will be updated.

I introduced this proposal to @marcoscaceres and @dcrousso at TPAC 2022 and they asked me to request this standards position.

[annevk]

It seems this depends on Web Bundles which I don't think WebKit has taken a position on.

[reillyeon]

Note that this and Subresource loading with Web Bundles both depend on Web Bundles as an on-disk format but the interactions with the loading model are quite different.

[robbiemc]

FYI, Chromium is rolling out an implementation of this proposal in a limited fashion (admin-controlled installation for managed users on ChromeOS devices). See https://groups.google.com/a/chromium.org/g/blink-dev/c/iMfYonTs414.