Re: [w3c/permissions] Model temporary permissions better (#86) from Anne van Kesteren on 2016-04-27 (public-webapps-github@w3.org from April 2016)

From: Anne van Kesteren <notifications@github.com>
Date: Wed, 27 Apr 2016 06:11:55 -0700
To: w3c/permissions <permissions@noreply.github.com>
Cc:
Message-ID: <w3c/permissions/issues/86/215076956@github.com>

I don't think that works. While we should allow some freedom what becomes part of the key, we shouldn't allow all the things. E.g., if I have two tabs open for a given URL, those need to have access to the same permissions. There needs to be some reasonable guarantees to developers, otherwise the whole system is meaningless.

And we need to make it clear that origin is at least part of that key, to preserve the same-origin policy. Furthermore, we need to define which origin that is and where it's obtained from, again, to preserve the same-origin policy and guarantee some consistency across user agents.

---
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/permissions/issues/86#issuecomment-215076956

Received on Wednesday, 27 April 2016 13:12:23 UTC