Re: [presentation-api] Security and privacy evaluation and considerations from Anssi Kostiainen via GitHub on 2015-05-07 (public-secondscreen@w3.org from May 2015)

From: Anssi Kostiainen via GitHub <sysbot+gh@w3.org>
Date: Thu, 07 May 2015 07:53:41 +0000
To: public-secondscreen@w3.org
Message-ID: <issue_comment.created-99759217-1430985219-sysbot+gh@w3.org>

Depending on the results of the security and privacy evaluation, the 
Privileged Contexts [1] spec may become relevant:

>[The Privileged Contexts] specification provides guidelines for user 
agent implementors and spec authors for implementing features whose 
properties dictate that they be exposed to the web only within a 
trustworthy environment.

It seems the Presentation API ticks some of the boxes in *Should 
[insert feature here] require a privileged context?* [2]:
* The feature provides access to or information about other devices a 
user has access to.
* The feature introduces some functionality for which user permission 
will be required.

[1] https://w3c.github.io/webappsec/specs/powerfulfeatures/
[2] 
https://w3c.github.io/webappsec/specs/powerfulfeatures/#feature-requires-privilege

-- 
GitHub Notif of comment by anssiko
See 
https://github.com/w3c/presentation-api/issues/45#issuecomment-99759217

Received on Thursday, 7 May 2015 07:53:42 UTC