Apps, Signed Code, and the future

07-25-2011

We've been experimenting with synthesizing native apps for an OpenWebApp recently. I was also reading about the new OS X Lion Sandbox model, and what it means for application deployment and execution.

Lion includes a sandbox mode where signed binary code runs in a privilege-limited sandbox. "Signed", in this case, means that there is a clear line of provenance leading from the code on your system back to a developer (typically keyed on a domain name), and an expression of trust from Apple.

In the Open Web Apps case, we have been talking about creating a native application (a thin wrapper on XUL, but the user doesn't know that) that we allow to create windows on a particular web domain containing some web content. A user action that would leave that domain is handed back to the OS for "careful handling" (probably opening in the user's default web browser).
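The navigation rule described above can be sketched as follows. This is an added example, not code from the Open Web Apps project. It assumes "domain" is enforced as an exact origin (scheme, host and port) and that non-web schemes are refused rather than handed to the OS; the origin `https://app.example` and all function and constant names are hypothetical.

```javascript
// Added example: navigation policy for a single-site app wrapper.
// Hypothetical names: makeNavigationPolicy, IN_APP, HAND_TO_OS, BLOCK.
const IN_APP = 'in-app';         // load inside the app window
const HAND_TO_OS = 'hand-to-os'; // give to the user's default browser
const BLOCK = 'block';           // refuse outright

// Assumption: only web URLs are ever passed to the default browser.
const EXTERNAL_SCHEMES = new Set(['http:', 'https:']);

function makeNavigationPolicy(appOrigin) {
  const home = new URL(appOrigin);
  if (home.protocol !== 'https:') {
    throw new Error('app origin must be https');
  }
  return function decide(target, currentUrl = home.href) {
    let url;
    try {
      // Resolve relative links against the current page and let the URL
      // parser normalise case, default ports and userinfo.
      url = new URL(target, currentUrl);
    } catch (e) {
      return BLOCK; // unparseable target
    }
    // Compare parsed origins, never raw strings or prefixes.
    if (url.origin === home.origin) return IN_APP;
    if (EXTERNAL_SCHEMES.has(url.protocol)) return HAND_TO_OS;
    return BLOCK; // javascript:, file:, data:, custom schemes
  };
}

// Constructed sample inputs, including look-alike URLs.
const decide = makeNavigationPolicy('https://app.example');
const samples = [
  '/settings',                         // relative link, stays in app
  'https://APP.EXAMPLE:443/inbox',     // same origin after normalisation
  'https://app.example@evil.example/', // userinfo trick, host is evil.example
  'https://app.example.evil.example/', // look-alike subdomain
  'http://app.example/',               // scheme downgrade leaves the app
  'javascript:alert(1)',               // non-web scheme
];
for (const s of samples) {
  console.log(decide(s).padEnd(10), s);
}
```

A string-prefix check on the URL would accept the third and fourth samples as in-app; comparing the parsed origin does not.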

In both these cases, we are getting closer to a world where every window that the user sees on their screen is directly, provably, linked to some Internet-addressable source. The signed Mac app has been chewed on a little more, but the user doesn't care about that. The code behind those windows has nominally different properties (different update schedules and routines; different distribution channels; etc.) but very little of that rises to the level of user interest if we do it right. In the smartphone case, we are even closer to this model today.

I was struck by a comment I saw on an article about the Boot2Gecko project, which said, "there are just too many situations where offline applications are far superior. Plus, security is just never tight enough on anything which is cloud-served." That commenter has clearly not internalized where things are going - web applications will have full offline capabilities, and all native applications (and operating systems!) will be cloud-served. The difference, which he is expressing imprecisely, is that he feels better about the distribution of complete applications through an update-and-distribution process that is obvious, visible, and atomic. Is this an artifact of the "old days" of offline software distribution, or are there real differences that matter enough to build into our systems?
