- From: Tobie Langel <tobie@sensors.codespeaks.com>
- Date: Tue, 17 Nov 2015 22:50:51 +0100
- To: Satoru Takagi <sa-takagi@kddi.com>, public-browserobo@w3.org
On Thu, Nov 12, 2015, at 03:53, Satoru Takagi wrote: > Therefore we imagine the other method as follows: > > It is an execution limitation function of API similar to same origin > policy combining an identifier with a meaning > such as window.navigator.userAgent. So this is just an identifier for a particular hardware setup, right? > *The developers make the identifier by the URL corresponding to each > machine which they have created. The URL may > have Web of the explanation about the machine. But it is only a URL that > is necessary in this mechanism. > > *The developers set the URL to window.navigator.userAgent-like readonly > attribute of the web runtime embedded in > that machine. This setting should be set as runtime environment. > *Low level APIs such as webIGPIO or webI2C shall work only in application > software to belong to a domain same as > that URL attribute, unless special setting such as CORS is accomplished. So this ties a particular hardware setup to a unique origin? This origin would then act like a directory of authorized applications by opening them up through CORS. That seems like a very centralized solution. I feel like a solution similar to how you say USB or Bluetooth works might be harder to organize but end up providing a more open (and thus more successful) solution. Best, --tobie
Received on Tuesday, 17 November 2015 21:51:15 UTC