- From: Lukasz Olejnik <notifications@github.com>
- Date: Wed, 31 Jan 2018 03:11:41 -0800
- To: w3ctag/design-reviews <design-reviews@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Wednesday, 31 January 2018 11:12:10 UTC
After London F2F. We're quite concerned with transitivity of delegations. It's somewhat a question of web security architecture. > <iframe src="https://honest.com" allow="geolocation; microphone; camera"></iframe> If (original origin) _example.com_ delegates permission to honest.com, can _honest.com_ delegate this further, for example to _dishonest.com_? What would be the control over this transitivity of "allow" attribute? Wondering how to address the issue of transitivity. One thing that comes to mind is a special attribute allowing transitivity. Then comes further questions, how to actually make webdevs to choose appropriately. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3ctag/design-reviews/issues/225#issuecomment-361900867
Received on Wednesday, 31 January 2018 11:12:10 UTC