Make support of multiple applications per origin a MUST

[mounirlamouri]

Conclusion of "Single instance mode vs multiple instances in manifest spec" discussion in the mailing list: http://lists.w3.org/Archives/Public/public-sysapps/2013Apr/0205.html

[jmajnert]

A few issues, to begin discussion:

• Should hosted applications sharing an origin go by the regular Web rules and share resources like localStorage, IDB, cookies etc?

IIRC we agree that applications should be sandboxed from each other.

• Should packaged applications be able to share origin with other web content or with hosted applications?

IIRC Jonas and Marcos found it a good idea, but I haven't seen a proposition how to do it yet.

• Should it be possible for packaged apps to share an origin? If so, should they also share localStorage, cookies, DB like regular Web apps? Should they be able to retrieve resources from each other? How to solve naming conflicts (ex. both apps have documentA.html in the same path)?

IMHO packaged apps should not be able to share origin nor any local resources.

• How is a System Application (whether hosted or packaged) identified? Is it by the manifest URL?

Manifest URL should be enough to identify a hosted app. But for packaged apps, which can be delivered via different means, downloaded from different app stores etc. It is a bigger issue. Actually, I'm going to put this into a separate issue (https://github.com/sysapps/runtime/issues/99)

[mounirlamouri]

A few issues, to begin discussion:

• Should hosted applications sharing an origin go by the regular Web rules and share resources like localStorage, IDB, cookies etc?

IIRC we agree that applications should be sandboxed from each other.

We are speaking of running two instance of the same installed applications so I guess the answer is yes.

• Should packaged applications be able to share origin with other web content or with hosted applications?

IIRC Jonas and Marcos found it a good idea, but I haven't seen a proposition how to do it yet.

It seems that there are use cases where this is needed but I haven't heard any very good solution yet.

• Should it be possible for packaged apps to share an origin? If so, should they also share localStorage, cookies, DB like regular Web apps? Should they be able to retrieve resources from each other? How to solve naming conflicts (ex. both apps have documentA.html in the same path)?

IMHO packaged apps should not be able to share origin nor any local resources.

Unless that happens as an side effect from the previous point, I don't think we should make that happen.

[jmajnert]

We are speaking of running two instance of the same installed applications so I guess the answer is yes.

I think we are talking generally. What about instances of completely different installed applications then? Can such apps share origin, local resources, IDB, cookies, localStorage?

[mounirlamouri]

The current runtime spec does not allow that.

[jmajnert]

The current runtime spec does not allow that.

I though we were discussing how to change the spec? The title of this issue is: "Make support of multiple applications per origin a MUST" and it is supposed to be a follow up of this message: "http://lists.w3.org/Archives/Public/public-sysapps/2013Apr/0259.html", where Jonas writes: "Two hosted apps can come from the same origin"

Did I get something wrong?

[jmajnert]

Section 7 of the runtime spec (http://runtime.sysapps.org/#data-isolation) says that two running application instances should be isolated. At least that's how I understand it. So to allow two instances of the same application to share resources, we should clarify this section to distinguish between "running application instances" and "installed applications", or something similar.