Re: [w3c/permissions] Describe the permission store using constraints instead of a full model. (#96) from Anne van Kesteren on 2016-05-13 (public-webapps-github@w3.org from May 2016)

From: Anne van Kesteren <notifications@github.com>
Date: Fri, 13 May 2016 08:02:48 -0700
To: w3c/permissions <permissions@noreply.github.com>
Cc:
Message-ID: <w3c/permissions/pull/96/r63198276@github.com>

> -    <li>
> -      <var>name</var>
> -    </li>
> -    <li>
> -      <var>settings</var>' <a>origin</a>
> -    </li>
> -    <li>optional UA-specific data like whether <var>settings</var>'
> -    <a>browsing context</a> has a <a>parent browsing context</a>, or
> -    <var>settings</var>' <a>top-level browsing context</a>'s <a>origin</a>
> -    </li>
> -  </ol>
> +
> +  <p>
> +    The UA may store <a>permission entries</a> more persistently than a
> +    <a>realm</a>, but this specification doesn't constrain how.
> +  </p>

It should at least be constrained to origins. Cannot allow new kind of cookies. And ideally we do make it possible for certain permissions to require something more here. E.g., persistent storage isn't really useful without origin-wide permission.

---
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/permissions/pull/96/files/6d6282b7405265cabec2c0ee30b69877d77d9dff#r63198276

Received on Friday, 13 May 2016 15:03:57 UTC