- From: Jonas Sicking <jonas@sicking.cc>
- Date: Fri, 4 May 2012 11:28:33 -0700
- To: Niklas Widell <niklas.widell@ericsson.com>
- Cc: Doug Turner <dougt@mozilla.com>, "Carr, Wayne" <wayne.carr@intel.com>, "Tran, Dzung D" <dzung.d.tran@intel.com>, Robin Berjon <robin@berjon.com>, "public-device-apis@w3.org public-device-apis@w3.org" <public-device-apis@w3.org>
On Thu, May 3, 2012 at 1:30 AM, Niklas Widell <niklas.widell@ericsson.com> wrote: > However I think that for all APIs that we come up with, we need to define a > security model along with the API. I suspect that in many cases it large > parts will still be left up to the decision of the implementation, for > example what various UI look like. However I think in all cases will we need > to figure out a credible security model. > > When we are defining that security model that will likely determine what > browser implementers will feel comfortable exposing to the pages that they > render. > > / Jonas > > > Will there be one such security model or many? Can one such security model > seamlessly cover both restricted/controlled/curated environments and > wild-web scenarios? That depends on your definition of "security model" I guess. What I mean is that we for all APIs that we develop, need to fully describe how security is handled for them. / Jonas
Received on Friday, 4 May 2012 18:55:32 UTC