On Tue, Jun 2, 2009 at 12:28 PM, Marcin Hanclik <Marcin.Hanclik@access-company.com> wrote: > Hi Henri, > >>>I think it would be preferable to design APIs in such a way that >>>security/privacy aspects of the API are Web-ready, i.e. the same API >>>could be exposed to Web content. (I consider the design of the >>>Geolocation API and it's authorization UI in Firefox Web-ready in this >>>sense.) > There is no problem with the APIs within the Web content. > There is just a difference on the security policy level whether unauthorized Web content (website vs. widget) may access the API. > http://bondi.omtp.org/1.0/security/BONDI_Architecture_and_Security_Appendices_v1.0.pdf, section B.4.(1|2). > Right. This is applicable for BONDI user agents, but not necessarily user agents that use the W3C's DAP-WG APIs. It is unlikely that Web Browsers will become BONDI compliant given the DAP work. -- Marcos Caceres http://datadriven.com.auReceived on Tuesday, 2 June 2009 11:42:57 GMT
This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:31 GMT