Hello,
Sorry if this is considered off topic here. If so, please advise where this kind of question should be posted.
So far what I've seen from videos and little bit tried myself also Polymer, I see great advantages what Web Components and project like Polymer can do in applications development in many aspects. One of the aspects is security, which is quite essential by todays standards to get acceptance using something beyond hobbyists. Thus, with web components it's possible to get cleaner applications with less probability of side effects, like leaking, in general. Perhaps smaller main portion of the application also as the code moves more in reusable libraries which are then loaded on demand.
So all of this above made me think, has there been yet any thought how it would be possible to sign those component libraries and then verify on load before execution?
I think it would be great to be able to do that, it would be a exceptionally good idea and cost saver from auditing perspective. I'm not sure if that kind of feature has been proposed, planned or even implemented somewhere, what parts of it should be a part of web browser and which parts standardised representation in components, but certainly the modular structure of Polymer kind of thing would benefit it AFAIK.
That's short for what I'm thinking, and it would be great to hear what others think about it. I know, been there done that, that security is not usually the first thing that comes in minds of developers, but in todays world it should more often than in past already in quite early stages of projects. Security is best implemented all the way not just quickly added ad-hoc afterwards. This is why I thought it would be nice to hear has anyone yet thought about these matters?
Cheers,
:-) riku
ps. Little background, I'm not active developer, least not anymore, though I've earned my living 7.5 years long time ago developing applications in my earlier career. I've been since more on networking, network management, security, sysadmin and do some integration to get applications talk to each other when needed. I like to follow new trends in software development and play with some that I find interesting. Polymer clearly stands out being a very interesting development direction, perhaps most interesting I've seen in decade.