- From: Jonas Sicking <jonas@sicking.cc>
- Date: Thu, 19 Nov 2009 17:03:38 -0800
- To: Marcin Hanclik <Marcin.Hanclik@access-company.com>
- Cc: Maciej Stachowiak <mjs@apple.com>, Adam Barth <w3c@adambarth.com>, Robin Berjon <robin@berjon.com>, "public-device-apis@w3.org" <public-device-apis@w3.org>, public-webapps WG <public-webapps@w3.org>
On Thu, Nov 19, 2009 at 4:49 PM, Marcin Hanclik <Marcin.Hanclik@access-company.com> wrote: > Hi Jonas, Maciej, > > It seems that the policy that you would accept would be: > > <policy-set combine="deny-overrides"> > <policy description="Default Policy for websites. Simply denying all API that are covered by some device capability:) "> > <target> > <subject> > <subject-match attr="class" match="website" func="equal"/> > </subject> > </target> > <rule effect="deny"> > <condition> > <resource-match attr="device-cap" func="regexp">/.+/</resource-match> > </condition> > </rule> > </policy> > </policy-set> > > Let's see how DAP will evolve then. Given that I don't know the specifics about this policy format I can't comment on the above policy specifically. However I will note that the security experts at Mozilla did agree that opening a non-modal dialog asking for access to geo-location was considered acceptable, as I noted in a previous email. I don't know what effect that has on the above policy. I don't know what policy other browsers have used in this area. / Jonas
Received on Friday, 20 November 2009 01:04:52 UTC