Hi all, Within the Geolocation Working Group we've been discussing a few different methods of securing the location API, one of which is described below by Doug Turner [1]: On May 21, 2009, at 6:02 PM, Doug Turner wrote: > got some feedback on this. this isn't how it works today, but I > think it is the way it should work in the future. Even more so, I > have been considering restricting device apis (like geolocation) to > top level documents only and prevent iframes from accessing this > APIs. I did get some push back in Dec when I suggested this at our > w3c devices workshop (are the notes anywhere for this? thomas?). > This will break many of the sites like igoogle and others that embed > content from remote origins. However such sites, could use > something like PostMessage to explicitly send data. > > Is this an overkill? Thoughts? This seems like an idea on which both WebApps and the Device API and Policy WG's would be interested in contributing to a discussion. Already some members of those groups have already been contributing in this thread [2]. (We're tracking this as ISSUE-9 [3]) Thank you, -Matt Womer [1] http://lists.w3.org/Archives/Public/public-geolocation/2009May/0053.html [2] http://lists.w3.org/Archives/Public/public-geolocation/2009May/0055.html [3] http://www.w3.org/2008/geolocation/track/issues/9Received on Monday, 15 June 2009 17:41:50 GMT
This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:31 GMT