- From: POTONNIEE Olivier <Olivier.POTONNIEE@gemalto.com>
- Date: Thu, 20 Mar 2014 16:18:26 +0100
- To: Marcos Caceres <w3c@marcosc.com>, "public-sysapps@w3.org" <public-sysapps@w3.org>, "Nilsson, Claes1" <claes1.nilsson@sonymobile.com>, "Kostiainen, Anssi" <anssi.kostiainen@intel.com>
- CC: "Sato, Naoyuki (TDG)" <naoyukib.sato@jp.sony.com>, "Isberg, Anders" <anders.isberg@sonymobile.com>, "Igarashi, Tatsuya" <tatsuya.igarashi@jp.sony.com>, "Falk, Mattias" <mattias.falk@sonymobile.com>, "Jovanovic, Zoran" <zoran.jovanovic@sonymobile.com>
Marcos, Do you mean that there should not be "trusted" applications? Isn't it the reason why SysApps WG was created (as stated in the charter)? If we take the "Raw Socket API" example, do you think a simple permission would be ok to restrict its access? -- Olivier > -----Original Message----- > From: Marcos Caceres [mailto:w3c@marcosc.com] > Sent: Wednesday, March 19, 2014 7:03 PM > To: public-sysapps@w3.org; Nilsson, Claes1; Kostiainen, Anssi > Cc: Sato, Naoyuki (TDG); Isberg, Anders; Igarashi, Tatsuya; Falk, > Mattias; Jovanovic, Zoran > Subject: RE: Proposal for an Application Management API > > > > On March 18, 2014 at 12:26:59 PM, Nilsson, Claes1 > (claes1.nilsson@sonymobile.com) wrote: > > > As I state below the API should only be exposed to content that > > can be verified as trusted, which is similar as for the other APIs > > specified by SysApps. If we can consider the traditional browser as > > trusted if use the already available security mechanisms such as > > transport layer security, CSP, and so on, is a bigger question that > is > > not unique for this SysApps API. However, I don't think the API can > be > > exposed to a traditional browser based on a "user consent” model for > > allowing a web app access to the API. > > > I still don’t think we should be standardizing such APIs, tbh - not > unless they are accessible to all developers. Even if we were to > standardize, there would be little value in that we are not going to be > sharing home screen management applications across vendors. I again ask > that we focus on standardization of APIs that directly benefit > developers (i.e., ones that don’t require any centralized authorization > to be used). > > > -- > Marcos Caceres This message and any attachments are intended solely for the addressees and may contain confidential information. Any unauthorized use or disclosure, either whole or partial, is prohibited. E-mails are susceptible to alteration. Our company shall not be liable for the message if altered, changed or falsified. If you are not the intended recipient of this message, please delete it and notify the sender. Although all reasonable efforts have been made to keep this transmission free from viruses, the sender will not be liable for damages caused by a transmitted virus
Received on Thursday, 20 March 2014 15:19:10 UTC