- From: Mike West <notifications@github.com>
- Date: Thu, 02 Apr 2020 01:15:04 -0700
- To: w3ctag/design-reviews <design-reviews@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Thursday, 2 April 2020 08:15:19 UTC
My expectation is that each given feature will be defined with a set of requirements in IDL (as we do for `[SecureContext]` today). Web developers wouldn't need to decide what the set of restrictions for a particular API would be, but we'd collectively decide things like "`performance.measureMemory` requires COOP/COEP." It seems to me that that's going to make things less complicated, as we'll have a few buckets into which to put each feature, rather than trying to craft individualized mitigations with a specific threat model for a specific feature. My hope is that the decision for developers then is "Do I need this API?", and the requirements are clear. I'll take all this into account when sketching out the document. Thank you! -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3ctag/design-reviews/issues/471#issuecomment-607692577
Received on Thursday, 2 April 2020 08:15:19 UTC