- From: Matt Womer <mdw@w3.org>
- Date: Mon, 15 Jun 2009 13:40:25 -0400
- To: public-webapps@w3.org, Geolocation Working Group WG <public-geolocation@w3.org>, public-device-apis@w3.org
Hi all, Within the Geolocation Working Group we've been discussing a few different methods of securing the location API, one of which is described below by Doug Turner [1]: On May 21, 2009, at 6:02 PM, Doug Turner wrote: > got some feedback on this. this isn't how it works today, but I > think it is the way it should work in the future. Even more so, I > have been considering restricting device apis (like geolocation) to > top level documents only and prevent iframes from accessing this > APIs. I did get some push back in Dec when I suggested this at our > w3c devices workshop (are the notes anywhere for this? thomas?). > This will break many of the sites like igoogle and others that embed > content from remote origins. However such sites, could use > something like PostMessage to explicitly send data. > > Is this an overkill? Thoughts? This seems like an idea on which both WebApps and the Device API and Policy WG's would be interested in contributing to a discussion. Already some members of those groups have already been contributing in this thread [2]. (We're tracking this as ISSUE-9 [3]) Thank you, -Matt Womer [1] http://lists.w3.org/Archives/Public/public-geolocation/2009May/0053.html [2] http://lists.w3.org/Archives/Public/public-geolocation/2009May/0055.html [3] http://www.w3.org/2008/geolocation/track/issues/9
Received on Monday, 15 June 2009 17:40:51 UTC