- From: Marcos Caceres <w3c@marcosc.com>
- Date: Wed, 19 Mar 2014 14:03:03 -0400
- To: "public-sysapps@w3.org" <public-sysapps@w3.org>, Nilsson, Claes1 <claes1.nilsson@sonymobile.com>, Kostiainen, Anssi <anssi.kostiainen@intel.com>
- Cc: "Sato, Naoyuki (TDG)" <naoyukib.sato@jp.sony.com>, Isberg, Anders <anders.isberg@sonymobile.com>, Igarashi, Tatsuya <tatsuya.igarashi@jp.sony.com>, Falk, Mattias <mattias.falk@sonymobile.com>, Jovanovic, Zoran <zoran.jovanovic@sonymobile.com>
On March 18, 2014 at 12:26:59 PM, Nilsson, Claes1 (claes1.nilsson@sonymobile.com) wrote: > > As I state below the API should only be exposed to content that > can be verified as trusted, which is similar as for the other APIs > specified by SysApps. If we can consider the traditional browser > as trusted if use the already available security mechanisms > such as transport layer security, CSP, and so on, is a bigger question > that is not unique for this SysApps API. However, I don't think > the API can be exposed to a traditional browser based on a "user > consent” model for allowing a web app access to the API. I still don’t think we should be standardizing such APIs, tbh - not unless they are accessible to all developers. Even if we were to standardize, there would be little value in that we are not going to be sharing home screen management applications across vendors. I again ask that we focus on standardization of APIs that directly benefit developers (i.e., ones that don’t require any centralized authorization to be used). -- Marcos Caceres
Received on Wednesday, 19 March 2014 18:03:29 UTC