- From: Mandyam, Giridhar <mandyam@quicinc.com>
- Date: Wed, 5 Nov 2014 15:23:33 +0000
- To: public-geolocation <public-geolocation@w3.org>
- Message-ID: <155303d39c60436d8c91fba57dcce3db@NASANEXM01C.na.qualcomm.com>
As was discussed at TPAC 2014, the topic of requiring authenticated origins for geolocation is now being taken up in the form of an open call for comments on the public-geo mailing list. An overview of the issue was presented at last week’s face-to-face meeting: https://www.w3.org/2008/geolocation/wiki/images/1/12/Geolocation_-_Trusted_Origin.pdf. The definition of “authenticated origin” may be found at http://w3c.github.io/webappsec/specs/mixedcontent/. This requirement would apply to all specifications developed by the Geolocation Working Group. As decided at that meeting, before acting upon this issue it is important to gather feedback from affected parties. This includes web service providers, developers, and browser (web runtime engine) vendors. The following is requested from respondents: a) If you are against requiring authenticated origins for geolocation API’s, please state so and state your reasons for objection. b) If you are in favor of requiring authenticated origins for geolocation API’s, please state so and your reasons for support. In addition, please provide a proposal for how support for unauthenticated origins could be phased out (e.g. a schedule for developer evangelization, warning dialog boxes in browsers, hard cutoff for ending support in browsers). After responses are received, I will do my best to compile results and provide a representative synopsis of the feedback. I hope this call for comments is clear as written above, but if not please let me know. -Giri Mandyam, Geolocation Working Group Chair P
Received on Wednesday, 5 November 2014 15:24:03 UTC