W3C home > Mailing lists > Public > public-web-intents@w3.org > August 2012

Passing "origin" with intents

From: ConradIrwin <conrad.irwin@gmail.com>
Date: Sun, 26 Aug 2012 19:32:11 -0700
Message-ID: <CAOTq_puNkc6cmuvUbEE18+F6LEs++P2gj0rL8VRVR1nbxyoPdQ@mail.gmail.com>
To: public-web-intents@w3.org
Hi all,

I saw some earlier mention [1] of the inability for web-intents to
obtain the origin of the calling site.

Is this something that will be added?

I am also working on an authentication protocol; and without the
ability to verify the origin of a message, WebIntents are almost
useless. (I can work around it by making the call to the intent from a
content-script running in my chrome extension that shares a secret
with the intent; but that feels very fragile).

A couple of other use-cases for including the origin could be:
 Content-filtering: If I am running an image sharing web-intent, I
might want to block content from http://*.xxx.
 UI enhancement: If I am running an editing web-intent, it would be
nice to be able to tell the user "return to <origin>"
 Authentication: If I am running an authentication web-intent, it's
essential to know which website is asking for the user's identity (I
don't want to give it to a malicious 3rd-party by accident).

Conrad

[1] http://lists.w3.org/Archives/Public/public-web-intents/2012May/0012.html
Received on Monday, 27 August 2012 02:32:58 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:14:47 UTC