Re: JavaScript Permissions interface in WebApps

Thanks Dom.

Is the first argument is what we've been calling a "capability"?

It looks like "checkPermission" then is requesting a Policy Decision, so behind this call could be a variety of choices of policy decision evaluators, one of which could be along the lines of the XACML-like policy rules and evaluation engine.

Thus it seems we still need to define capabilities and ability to express policy rules.

What is proposed however, is a means to "mix in" an interface to request such decisions to any API, is that right?

What happens if an application does not ask permission, but just calls an API with this approach in place? 

regards, Frederick

Frederick Hirsch
Nokia



On Jun 25, 2010, at 2:27 AM, ext Dominique Hazael-Massieux wrote:

> Hi,
> 
> There is a nascent thread in public-webapps that includes, among other
> things, discussions of a JavaScript "Permissions" interface — that would
> strongly relate to any kind of policy framework we would develop in this
> group, so I suggest the group should pay attention to it:
> http://lists.w3.org/Archives/Public/public-webapps/2010AprJun/1150.html
> 
> Dom
> 
> 
> 

Received on Monday, 28 June 2010 20:39:11 UTC