- From: Mounir Lamouri <mounir@lamouri.fr>
- Date: Thu, 13 Nov 2014 23:16:08 +1100
- To: Daniel Veditz <dveditz@mozilla.com>, public-webappsec@w3.org, hillbrad@gmail.com
- Cc: Marcos Caceres <w3c@marcosc.com>, mkwst@google.com
On Thu, 13 Nov 2014, at 06:45, Daniel Veditz wrote: > On 11/12/2014 10:06 AM, Mounir Lamouri wrote: > > I would like to suggest to add permissions handling as part of the > > webappsec charter with one concrete deliverable being the Permissions > > API specification. > > Have you approached other working groups about this specification, and > if so what was their response? This isn't really a security feature (the > permissions themselves may be, but not just reading their state) so it > seems better suited for some place like public-webapps. > > Is it necessary to distinguish between "denied" and "prompt"? If a > permission isn't already granted I'm not sure it's any of the page's > business whether I've denied them or not -- they should (try to) ask if > they want to know. I approached WebApps, obviously. I think the group would take the deliverable if it didn't re-chartered recently. Arthur (co-chair) recommended that I propose it to webappsec instead. I personally have no preference between webapps and webappsec but on a practical matter, having the spec here would allow us to move forward. I think Mike suggestion to have this as a joint deliverable is great. Regarding the details of the API, I've added an example underlining why 'denied' is an interesting value to have: https://w3c.github.io/permissions/#examples -- Mounir
Received on Thursday, 13 November 2014 12:16:33 UTC