W3C home > Mailing lists > Public > public-sysapps@w3.org > September 2013

Permissioning, Re: Clarity over direction of work on runtime and security model?

From: Marcos Caceres <w3c@marcosc.com>
Date: Thu, 26 Sep 2013 21:41:03 +0100
To: Nilsson, Claes1 <Claes1.Nilsson@sonymobile.com>
Cc: Kenneth Rohde Christiansen <kenneth.christiansen@gmail.com>, Dave Raggett <dsr@w3.org>, "public-sysapps@w3.org" <public-sysapps@w3.org>, Isberg, Anders <Anders.Isberg@sonymobile.com>
Message-ID: <43A4CFA5FE224CAD95B7610595DF75B4@marcosc.com>

On Wednesday, September 18, 2013 at 10:27 AM, Nilsson, Claes1 wrote:

> Generally we are now in situation where it is very unclear on what should be normatively specified and what should stay implementation specific. I think that we should agree on some plan for web system apps runtime and security that includes:
> 3. What it is expected that each API specification should define relating to runtime and security.

I don't know what is "expected" and by whom, but I'm strongly of the opinion that security needs to be handled at the API level (and is mostly orthogonal to the runtime). For hosted apps, defining permissions at the manifest level seems pointless: it only helps app store reviewers, in which case this should be done inside app stores during application submission. 

Permissioning is a problem we need to solve platform wide. We need to work with other W3C WGs to solve that. 

Kind regards,

Marcos Caceres
Received on Thursday, 26 September 2013 20:41:31 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:36:15 UTC