W3C home > Mailing lists > Public > public-geolocation@w3.org > June 2009

Re: Restricting API access

From: Andrei Popescu <andreip@google.com>
Date: Mon, 15 Jun 2009 18:13:57 +0100
Message-ID: <708552fb0906151013q56512ae3v2268f01c68b7a490@mail.gmail.com>
To: Anne van Kesteren <annevk@opera.com>
Cc: public-geolocation <public-geolocation@w3.org>
On Mon, Jun 15, 2009 at 6:07 PM, Anne van Kesteren <annevk@opera.com> wrote:

> On Mon, 15 Jun 2009 18:47:17 +0200, Andrei Popescu <andreip@google.com>
> wrote:
> > I think we do reference exactly that definition. Anyway, I thought the
> > spec is clear in that respect but improvements are, of course, welcome
> > :) Do you happen to have a suggestion?
>
> I saw you use it in the definition of PERMISSION_DENIED though it is not
> referenced (e.g. by saying "The term origin is defined in HTML5. [HTML5])
> and it talks about application origin which is somewhat ambiguous as you
> could have multiple applications on a single origin.
>
> I think that once the text in
>
>  http://lists.w3.org/Archives/Public/public-geolocation/2008Oct/0070.html
>
> is integrated wording could be added there. E.g. "If a user grants an
> application permission this permission SHOULD be scoped to the origin of the
> application." and where it talks about revoking permission I would do
> s/application/origin/.
>
> (Maybe also in general prefix application with "Web ".)
>

Just to clarify, were you reading the official draft? That only has an empty
placeholder for the Privacy section. The text you mentioned is integrated in
the editor's draft, section "Security and privacy...":

http://dev.w3.org/geo/api/spec-source.html

All the best,
Andrei
Received on Monday, 15 June 2009 17:14:34 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:50:56 UTC