I read the post of both Ryan Stewart and Mike "Mesh" Chambers on a bold plan to connect Adobe AIR with a .NET Proxy (Proof of concept anyway). At first It was a great story and I for one was thinking to myself "hey this could be a sweet approach"..
However, the more I thought about it, the more I wanted to validate some concerns I had. I approached some of our .NET folks with it and this was their response:
"…I’d be afraid of encouraging developers to do this, and what the platform would be like if many applications on it did something like this…"
There were other parts to this, but suffice to say the underlying point is that one could do this via web proxy (whilst slow) and remain in a more safe position.
I don’t know why AIR isn’t looking to open its borders to native OS and it kind of illustrates the elephant in the room, in that when you go X-Platform with one bundle of code, something has to be left on the table. Native access to the operating system is one of these, and if any desktop platform is likely to succeed beyond a "Look ma, I just turned Flash into a desktop experience" then it’s got to be more serious, focus on security (critically important) and ensure real world solutions can be built. In that, eBay AIR application has had no apparent success beyond its launch and furthermore not really sure what unique value AIR offers in this case either other then offline… but who uses eBay offline?
I’d like to think we know a thing or two about .NET and its implications in the wrong hands. I think what Mike is doing is great in terms of approach and concept, but lacks execution (from what I’ve read). I only state this as we have a habit of being labeled the bad guys when something goes wrong .NET related, and wanted to clear the air (no pun intended).
As people move to full trust on the desktop they open an entirely new set of complex security challenges. It’s something not to take lightly but has to be respected.
I think AIR needs to focus more energy in the space of allowing folks the ability to talk back and forth on the native operating system it’s deployed, as this will ensure a much more secure transaction (if done correctly, this is rocket science in many ways) vs. Proxies (probably also why Adobe won’t support this proxy).
Just my 2c.
Note: Red Stickers were provided by design-police.org.