- From: Zoltan Kis <notifications@github.com>
- Date: Thu, 05 May 2016 03:11:42 -0700
- To: w3ctag/spec-reviews <spec-reviews@noreply.github.com>
- Cc:
- Message-ID: <w3ctag/spec-reviews/issues/64/217117926@github.com>
I like the approach taken in the [OIC Core specification](http://openconnectivity.org/resources/specifications): - use an opaque device ID (there a UUID) to identify the device (meaning an OIC stack instance there, but a physical device here), and - use a device-relative path to identify classes and instances of resources (sensors, actuators). We could play with the scope and lifetime of device IDs: per publishing, per session/origin, etc. API implementations may use the device id's but don't necessarily have to expose them; in most cases it will be enough to expose the resource path (e.g. ```/myapp/temperature_sensor_1x_C```). >> Updated! https://w3ctag.github.io/design-principles/ > Cool, but note that https://w3ctag.github.io/design-principles/#device-apis doesn't address the main question from this issue: how should a site be able to learn that a BluetoothDevice and a MediaDeviceInfo represent the same physical device? I guess it depends on the context. The questions are: what is the *threat* knowing that, whether the threat is site-specific, what is the policy used against it, is the user permission enough, etc. If these are hard to define or control, the information is best not exposed. But if the possibility of identifying the device is there by other means, and the threat is minor, why not expose if there is a use case? BTW, what is the use case? :) --- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3ctag/spec-reviews/issues/64#issuecomment-217117926
Received on Thursday, 5 May 2016 10:12:17 UTC