- From: Maciej Stachowiak <mjs@apple.com>
- Date: Thu, 8 May 2008 02:51:20 -0700
- To: Arve Bersvendsen <arveb@opera.com>
- Cc: Charles McCathieNevile <chaals@opera.com>, "Web API WG (public)" <public-webapi@w3.org>
On May 8, 2008, at 1:18 AM, Arve Bersvendsen wrote: > On Wed, 07 May 2008 20:57:25 +0100, Maciej Stachowiak > <mjs@apple.com> wrote: > >> They both said that this proposal was only meant for things like >> widgets, and agreed with my assessment that it would be a giant >> security hole if exposed to web content. > > Without commenting further: Yes, in its current incarnation it > raises security concerns, but what I meant to say was more "Our > primary use case, and concerns that we have put into the initial > proposal are centered around locally installed web applications, aka > widgets". > > I would not exclude making a subset of the proposal available to web > applications though. Note that the current proposal speaks of > FileStreams -- ideally, these should be generic IOStreams, and > should apply to other protocols than "mountpoint" or "file". Think > scratch areas, webdav/svn integration, file upload with folder watch > (but the method of doing so would have to be well-defined and more > secure). The initial proposal is not meant to cover this, but a > properly worked out, future revision could cover both. I would be happy to review a proposal that is intended for Web content, once one is available. Regards, Maciej
Received on Thursday, 8 May 2008 09:52:00 UTC