- From: Ben Francis <notifications@github.com>
- Date: Mon, 12 Jan 2015 08:17:05 -0800
- To: w3c/manifest <manifest@noreply.github.com>
- Message-ID: <w3c/manifest/commit/a2e8c31ecda1ca7d5673a02e08698e5cf64b5df2/9243955@github.com>
> If the identity of an app is defined by a URL instead of an origin, doesn't that mean that the Web's permission/security model would break for installed Web apps? If you give one app permission to do something, and that is tied to the origin, wouldn't that mean that another app, on the same origin but with a different start URL, would be able to use that permission, too? The Manifest for Web Applications specification currently doesn't have anything to say on the topic of permissions, and therefore this doesn't change anything. However, if permissions are ever defined in the manifest in future it would be interesting to discuss whether those permissions only apply to an application context and are therefore limited to the scope of the app, or whether they apply to the whole origin. In Firefox OS for example privileged permissions are keyed by origin + manifest URL and are only granted to same-origin resources loaded inside the application context with a manifest applied. I think permissions is probably a separate topic to identity though. --- Reply to this email directly or view it on GitHub: https://github.com/w3c/manifest/commit/a2e8c31ecda1ca7d5673a02e08698e5cf64b5df2#commitcomment-9243955
Received on Monday, 12 January 2015 16:17:32 UTC