RE: ISSUE-11: Gathering requirements [FileSystem API]

I fully agree with Paddy. This is a general discussion that applies to all sensitive JavaScript APIs that we need to protect from unauthorized access.

However, the issue remains whether we should add a requirement to the FileSystem API. I suggest:

"SHOULD provide secure storage and management of secret information, e.g. server login credentials or API keys."

Best regards

From: Paddy Byers []
Sent: onsdag den 21 oktober 2009 11:36
To: Peter-Paul Koch; Frederick Hirsch
Cc: Nilsson, Claes1; Robin Berjon;
Subject: Re: ISSUE-11: Gathering requirements [FileSystem API]

> 1) Signing gives:


I think this discussion is common to all APIs and belongs to a new issue which should be raised. This issue should be confined to the filesystem API discussion.

I suggest raising a new issue: widget signing and trust models.

Thanks - Paddy

Received on Wednesday, 21 October 2009 11:58:22 UTC