W3C home > Mailing lists > Public > public-media-capture@w3.org > June 2014

Re: [Bug 22214] How long do permissions persist?

From: cowwoc <cowwoc@bbs.darktech.org>
Date: Fri, 13 Jun 2014 20:10:38 -0400
Message-ID: <539B92FE.70008@bbs.darktech.org>
To: Martin Thomson <martin.thomson@gmail.com>
CC: "public-media-capture@w3.org" <public-media-capture@w3.org>
On 13/06/2014 12:47 PM, Martin Thomson wrote:
> On 13 June 2014 07:08, cowwoc <cowwoc@bbs.darktech.org> wrote:
>> I asked before but don't recall getting an answer: is the permission scope
>> (for HTTPS) the same as the HTTPS certificate? Meaning, does it span
>> multiple domains if the certificate does? Or is it for a single domain? Or
>> is it unspecified?
>
> The grant is for the origin to which permission was granted.  The
> details of the certificate do not matter at this level.
>
> If you have a wildcard for *.example.com, that doesn't allow you to
> have https://foo.example.com use persistent permissions for
> https://www.example.com.  Nor would it allow
> https://www.example.com:9000 to use the same permissions.

Okay. Are there any objections to granting permissions to a certificate 
instead of to a single domain? Meaning, instead of granting permission 
to google.com, I'd grant permission to Google the company and implicitly 
to all domains and sub-domains covered by their certificate.

 From a trust point of view, if I don't trust Google I wouldn't grant 
google.com permission and on the flip side if I trust google.com I don't 
see a reason not to trust google.ca.

What do you think?

Gili
Received on Saturday, 14 June 2014 00:12:00 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:24:48 UTC