On Thu, Nov 19, 2009 at 4:49 PM, Marcin Hanclik <Marcin.Hanclik@access-company.com> wrote: > Hi Jonas, Maciej, > > It seems that the policy that you would accept would be: > > <policy-set combine="deny-overrides"> > <policy description="Default Policy for websites. Simply denying all API that are covered by some device capability:) "> > <target> > <subject> > <subject-match attr="class" match="website" func="equal"/> > </subject> > </target> > <rule effect="deny"> > <condition> > <resource-match attr="device-cap" func="regexp">/.+/</resource-match> > </condition> > </rule> > </policy> > </policy-set> > > Let's see how DAP will evolve then. Given that I don't know the specifics about this policy format I can't comment on the above policy specifically. However I will note that the security experts at Mozilla did agree that opening a non-modal dialog asking for access to geo-location was considered acceptable, as I noted in a previous email. I don't know what effect that has on the above policy. I don't know what policy other browsers have used in this area. / JonasReceived on Friday, 20 November 2009 01:04:52 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 9 May 2012 00:14:01 GMT