specs/packaging/index.html
30 additions & 6 deletions
@@ -142,7 +142,8 @@ <h2>root files</h2>
142
142
<li><code>app.css</code> is responsible for the global CSS style for all MiniApp pages.</li>
143
143
<li><code>app.js</code> is responsible for the service logic of the MiniApp as well as the lifecycle management of it, such as launching, showing and hiding the MiniApp.</li>
144
144
</ul>
145
-
145
+
</section>
146
+
<section>
146
147
<h2>pages</h2>
147
148
<p>
148
149
The <code>pages</code> directory contains sets of files for the display and user interaction of all MiniApp pages. Each set of files that shares the same base file name (e.g. 'page1') with different extension names describe a particular page on different aspects, such as the service logic (e.g. page1.js), the configuration (e.g. page1.json), the structure (e.g. page1.xml) and the style (e.g page1.css). Developers can choose to put all page files directly under the <code>pages</code> directory in a flat manner, or organize them in different sub-directories for different pages.
@@ -154,14 +155,40 @@ <h2>pages</h2>
154
155
<li>A <code>.css</code> file is responsible for the CSS style of a MiniApp page.</li>
155
156
<li>A <code>.js</code> file is responsible for the service logic and lifecycle management (defined in <ahref="https://w3c.github.io/miniapp/specs/lifecycle/">MiniApp Lifecycle</a>) of a MiniApp page.</li>
156
157
</ul>
158
+
</section>
157
159
158
-
159
-
160
+
<section>
160
161
<h2>common</h2>
161
162
<p>The <code>common</code> directory contains common resources such as components, multimedia resources, and utils (js files). Developers can choose to put all resource files directly under the <code>common</code> directory in a flat manner, or organize them in different sub-directories as needed.</p>
162
163
</section>
163
164
</section>
164
165
166
+
<section>
167
+
<h2>Security & Privacy Considerations</h2>
168
+
169
+
<section>
170
+
<h2>Integrity & Trustworthiness</h2>
171
+
<p>
172
+
To ensure the integrity and trustworthiness, a MiniApp package should be protected by one or more digital signatures by the author (e.g. the MiniApp developer) and/or distributors (e.g. an application store) along with certificates issued by trusted authorities.
173
+
<li>A digital signature (with a valid certificate) by the author ensures the origin of the MiniApp, so that an end user or a hosting platform can decide whether to install the MiniApp package according to the knowledge about the author (e.g. credits, blacklist, quality).</li>
174
+
<li>A digital signature (with a valid certificate) by a distributor ensures the integrity of the package and trustworthiness of the delivery channel, so that the end user can be protected from tampered software and can benefit from a healthier ecosystem. </li>
175
+
</p>
176
+
177
+
<p>
178
+
Proven technologies such as [[RFC5652]](i.e. PKCS#7) can be used as the solution of the digital signatures for MiniApp package. Further evaluation is expected regarding whether it needs to be standardized in detail (e.g. the content scope under protection, additional attributes of concern, file format of the signature block, procedures), or is left to the discretion of implementations.
179
+
</p>
180
+
</section>
181
+
182
+
<section>
183
+
<h2>Confidentiality</h2>
184
+
<p>
185
+
There is no requirement to develop a standardized encryption mechanism for the MiniApp package to protect its confidentiality. However, it doesn't preclude an implementation from deploying some encryption mechanism for special purpose.
186
+
187
+
</p>
188
+
</section>
189
+
190
+
</section>
191
+
165
192
<section>
166
193
<h2>IANA Considerations</h2>
167
194
<p>
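Review bot: The two added <li> items under "Integrity & Trustworthiness" sit directly inside the <p> with no enclosing <ul>, which is invalid HTML: a parser closes the <p> at the first <li> and the trailing </p> is left unmatched. End the paragraph after "trusted authorities." and wrap the items in <ul>...</ul>, as the pages section earlier in this file does. In the following paragraph, "[[RFC5652]](i.e. PKCS#7)" is missing a space before the parenthesis, and RFC 5652 is the Cryptographic Message Syntax (CMS), which derives from PKCS #7 rather than being the same thing, so wording such as "CMS, the successor to PKCS #7" would be more accurate. The bullets also read as if only the distributor signature protects integrity; any valid signature protects the integrity of the content it covers, so it would help to say that the author and distributor signatures differ in who vouches for the package, and to state the covered content scope once it is decided.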
@@ -171,9 +198,6 @@ <h2>IANA Considerations</h2>
171
198
A temporary solution could be <code>application/x-w3c-miniapp-pkg+zip</code> for the sake of any early implementation.