- From: Sam Penrose <spenrose@mozilla.com>
- Date: Wed, 6 Aug 2014 11:00:27 -0700 (PDT)
- To: Anne van Kesteren <annevk@annevk.nl>
- Cc: WebApps WG <public-webapps@w3.org>
> From: "Anne van Kesteren" <annevk@annevk.nl> > On Wed, Aug 6, 2014 at 5:25 AM, Sam Penrose <spenrose@mozilla.com> wrote: > > Web apps suffer particularly due to non-http URIs and cookie segregation. > > We would like feedback on the specific APIs suggested, as well as the > > overall problem framing. Thank you for your consideration. > > One problem I have with OAuth or perhaps the implementation thereof by > services around the web is that it is typically all-or-nothing. E.g. > currently I can visit Google Maps and opt to not share my location. > But I cannot login to some services without giving them access to post > on my Facebook wall. > > I guess there is not much that can be done about this other than > encouraging services to provide such granularity. We absolutely should try to encourage granularity! The Chrome identity API for web apps (which I should have cited as influential prior art -- fix coming) allows adding scopes. I created an issue in the repo: https://github.com/SamPenrose/ua-augmented-auth/issues/8 Thanks for the reminder!
Received on Wednesday, 6 August 2014 18:00:54 UTC