- From: Marcos Caceres <w3c@marcosc.com>
- Date: Mon, 8 Apr 2013 09:11:55 +0100
- To: John Lyle <john.lyle@cs.ox.ac.uk>
- Cc: "public-sysapps@w3.org" <public-sysapps@w3.org>
On Monday, April 8, 2013 at 9:08 AM, Marcos Caceres wrote:

> On Monday, April 8, 2013 at 8:17 AM, John Lyle wrote:
>
> > On 08/04/2013 05:32, Jonas Sicking wrote:
> >
> > > I personally don't think it's a good idea to ask the user which websites
> > > an app should be able to connect to outside of the usual web SOP.
> > >
> > > This is a very technical question and very few users are likely to
> > > understand the implications of such a question.
> >
> > I strongly agree.
> >
> > Realistically, at most only three agents should be involved in this decision:
> >
> > (1) The app developer should define the origins with which the app needs to communicate (definition of least privilege)
>
> To clarify, by "define" I think you mean the app developer should attempt to access the origins through some means (e.g., XHR, an ing tag, a script tag, etc.).

that's an "img" tag… autocorrect strikes again! :)

> CSP rules in the manifest may intervene at this point. But you don't mean that the app developer declares those origins in a list within the JSON manifest, right?
>
> > (2) The origin should define the applications with which it is prepared to communicate (access control)
> >
> > (3) The user agent may intervene based on a list of known malicious origins (host based malware protection)
> >
> > Where (2) might be skipped for privileged native-replacement apps, particularly those with access to raw sockets, and (3) seems outside of the scope of standardisation, but could be mentioned in the security considerations for UA implementers.
>
> Agree with 2 and 3.
>
> --
> Marcos Caceres

--
Marcos Caceres
Received on Monday, 8 April 2013 08:12:30 UTC