- From: Doug Turner <w3c@dougt.org>
- Date: Wed, 13 Jan 2010 11:22:43 -0800
- To: Frederick Hirsch <frederick.hirsch@nokia.com>
- Cc: "ext Mark S. Miller" <erights@google.com>, ext Robin Berjon <robin@robineko.com>, "public-device-apis@w3.org" <public-device-apis@w3.org>
If we decided on URIs for devices: robin's correct, authorization in the model needs to be considered. I think contacts://<...> could be either implemented on the localhost where there isn't any network connectivity issues and permissions can be managed by the implementation. It can also be implemented by some server not on the localhost that will have network connectivity issues and a different means to acquire usage permission. Doug On Jan 13, 2010, at 11:05 AM, Frederick Hirsch wrote: > Mark, my concern was that these (e.g. OAuth others noted) all seem to imply network connectivity, yet there might be a requirement to have contact book access (to give an example) without network access. > > regards, Frederick > > Frederick Hirsch > Nokia > > > > On Jan 13, 2010, at 1:23 PM, ext Mark S. Miller wrote: > >> Still catching up. Answering out of order. >> >> >> On Wed, Jan 13, 2010 at 7:26 AM, Frederick Hirsch <Frederick.Hirsch@nokia.com> wrote: >> use of OAuth. >> >> >> That was just an example of one approach to the inter-site authorization problem. Others are CORS and UMP. As I said in the initial proposal, I don't think this WG should try to pick a winner in this debate. They should just position device APIs so that they can leverage whatever the winner is, by recasting devices as RESTful GET/POST apis. By so doing, we reduce the security issues to a previously unsolved problem ;). >> >> >> >> regards, Frederick >> >> Frederick Hirsch >> Nokia >> >> >> >> On Jan 13, 2010, at 9:55 AM, ext Robin Berjon wrote: >> >> On Jan 13, 2010, at 15:50 , Frederick Hirsch wrote: >> Is there a requirement to allow local access to contacts, for example, even when disconnected from the network? How would this work in this model, or is disconnected operation not a requirement? It seems a mobile device should still operate as much as possible when disconnected. >> >> That's entirely orthogonal. Either the web server is local, or (perhaps more likely) it is emulated by the user agent. You never go to the network, whether connected or not. >> >> I thought the proposal was to go to the network for authorization, in which case it is not orthogonal. >> >> I don't read that in the original proposal, can you clarify which part you're thinking of? >> >> -- >> Robin Berjon >> robineko — hired gun, higher standards >> http://robineko.com/ >> >> >> >> >> >> >> >> >> -- >> Cheers, >> --MarkM > >
Received on Wednesday, 13 January 2010 19:23:15 UTC