Re: [w3ctag/spec-reviews] Review Web Bluetooth (#139)

Thank you for review!

Re: Limiting access to the top-level document only?: 
We have an outstanding [issue](https://github.com/WebBluetoothCG/web-bluetooth/issues/180) to address that. Note that sandbox, [permission-delegation-api](https://noncombatant.github.io/permission-delegation-api/) and to some degree [feature-policy](https://wicg.github.io/feature-policy/) are relevant. For the time being Chromium allows [only top level iframes](https://cs.chromium.org/chromium/src/third_party/WebKit/LayoutTests/http/tests/bluetooth/https/requestDevice/cross-origin-iframe.html?q=f:bluetooth+f:cross-origin-iframe.html+%22called+from+cross-origin+iframe%22&sq=package:chromium&l=17).


Re: GATT blacklist file formats, why not JSON?
We desired comments & minimal parsing complexity. I've added this to the spec's companion [rationale document](https://github.com/WebBluetoothCG/web-bluetooth/blob/master/rationale.md#why-is-the-blacklist-at-httpsgithubcomwebbluetoothcgregistries-a-custom-file-format).


Re: Blacklist term may be offensive.
I've filed https://github.com/WebBluetoothCG/web-bluetooth/issues/327 to use a descriptive term.


Re: Blacklist policy?
We have an [initial policy documented](https://github.com/WebBluetoothCG/registries/blob/master/gatt_blacklist_policy.md).


Re: Fingerprinting
The API minimizes the increase to passive fingerprinting, but we have experimentally drafted navigator.bluetooth.getAvailability ([fingerprinting impact discussed in spec](https://webbluetoothcg.github.io/web-bluetooth/#availability-fingerprint)). When users actively pair devices they select data sources comparable to that of local file resources. The benefit and exposure are intrinsically linked.


-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/spec-reviews/issues/139#issuecomment-257721341