Re: [w3ctag/design-reviews] Permission Delegation (#225)

@raymeskhoury: sorry for the slow reply. Runtime capabilities aren't analogous to SSNs; they are capabilities to perform actions, not portable context-free identifiers. Yes, collusion between origins is always possible (particularly on the backend), but the ability for origins to abuse users at a business level is no reason for us to pervasively enable it at runtime.

More to the point, one-time location recording is (again) not analogous to the continuous ability to read one's location. We create UI and mediate relationships between users and origins with browser UI based on exactly these API contracts.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/design-reviews/issues/225#issuecomment-382033623

Received on Tuesday, 17 April 2018 15:25:23 UTC