- From: raymeskhoury <notifications@github.com>
- Date: Thu, 28 Apr 2016 16:42:11 -0700
- To: w3c/permissions <permissions@noreply.github.com>
- Cc:
- Message-ID: <w3c/permissions/issues/86/215594200@github.com>
I think another way to frame this discussion is: "what are the permissible ways to scope a permission decision?". There are many dimensions to scoping a decision, e.g. 1) The lifetime of the reference to the object-capability returned (e.g. a single call to getUserMedia). 2) The lifetime of the tab to which the grant occurred. 3) A URL scope (e.g. domain, origin, path etc.). 4) Whether the grant applies in embedded contexts as well as top level contexts. Each browser scopes the decision differently in most of these dimensions. To me there's not an approach that is clearly best or has consensus. Part of which approach is best depends on the UI for permission management in the browser. The only restriction that is clear and has consensus in my mind is that a decision shouldn't be scoped more broadly than the origin of the requesting document. It seemed complicated to try to model all the other reasonable possibilities in the spec which is one reason I felt hesitant about it. --- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3c/permissions/issues/86#issuecomment-215594200
Received on Thursday, 28 April 2016 23:42:42 UTC