- From: Adam Barth <w3c@adambarth.com>
- Date: Thu, 19 Nov 2009 07:58:52 -0800
- To: Robin Berjon <robin@berjon.com>
- Cc: public-device-apis@w3.org, public-webapps WG <public-webapps@w3.org>
On Thu, Nov 19, 2009 at 3:24 AM, Robin Berjon <robin@berjon.com> wrote: > Finally, we can all talk about policy and trust in browsers until we're bluer in the face than a hypothermic smurf the fact of the matter is that I don't believe that this is a case where discussion can produce consensus. There are use cases for policy, and solutions for those will be developed at the very least for the widgets landscape. If it so happens that they yield interesting innovative stuff that could be useful in browsers, then it'll be easy to point to it as proof and demo. Far easier than to argue about it, and it'll happen faster if we create the technology rather than talk about it :) I don't believe you can design secure APIs by first implementing the APIs and then worrying about security later. That's the road that leads to systems like User Account Control (UAC). Instead, you need to understand the security requirements up-front and design your APIs to match. If you ignore input from browser vendors who've been working with these issues for years, it's unlikely you'd design something they'll find palatable. Adam
Received on Thursday, 19 November 2009 15:59:44 UTC