- From: John Lyle <john.lyle@cs.ox.ac.uk>
- Date: Mon, 8 Apr 2013 07:17:04 +0000
- To: Jonas Sicking <jonas@sicking.cc>, "SULLIVAN, BRYAN L" <bs3131@att.com>
- CC: "public-sysapps@w3.org" <public-sysapps@w3.org>, Janusz Majnert <j.majnert@samsung.com>
On 08/04/2013 05:32, Jonas Sicking wrote: > I personally don't think it's a good idea to ask the user which websites > an app should be able to connect to outside of the usual web SOP. > > This is a very technical question and very few users are likely to > understand the implications of such a question. > I strongly agree. Realistically, at most only three agents should be involved in this decision: (1) The app developer should define the origins with which the app needs to communicate (definition of least privilege) (2) The origin should define the applications with which it is prepared to communicate (access control) (3) The user agent may intervene based on a list of known malicious origins (host based malware protection) Where (2) might be skipped for privileged native-replacement apps, particularly those with access to raw sockets, and (3) seems outside of the scope of standardisation, but could be mentioned in the security considerations for UA implementers. John
Received on Monday, 8 April 2013 07:17:48 UTC