Re: [w3ctag/design-reviews] Managed Device Web API (#606)

Hi @nightpool,

Thanks for the exhaustive feedback!

We have updated our Security & Privacy self-review to more correctly indicate our proposal.

More specifically, on questions #6 and #8 the answer is identical -- we are exposing managed configuration which is configured per app and global device-specific attributes. On all the "untrusted" origins, the API calls will fail and will not expose anything.

The exact mechanism of determining which applications are "trustworthy" is based on the origin of the page. If the current origin belongs to the list of the trusted origins (for Chromium, this means that there is a force-installed Web App in that origin), the access to the trusted APIs shall be given.

Regarding the "authentication" mechanism: since we are scoping all applications by "origin", I do think that relying on HTTPS should be enough to reliably authenticate an app. If the force-installed app is hosted under another less secure protocol, this might be an issue. I think we shouldn't enforce HTTPS, since some users may have applications hosted in the local network without a proper domain. We should allow such cases, but should alert the device administrator about that potential issue when they would try adding a non-https Web App.


Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/design-reviews/issues/606#issuecomment-789197545

Received on Tuesday, 2 March 2021 20:35:30 UTC
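The origin-based gate the comment above describes, as an added example that is not code from the thread, from the proposal, or from Chromium: a constructed list of force-installed Web App URLs is reduced to a set of normalized origins, non-HTTPS entries produce an administrator warning instead of being rejected, and a page is granted the managed configuration only on an exact origin match. The function and variable names and the sample URLs are assumptions for illustration.

```javascript
// Added example, not part of the original thread or of any browser's code.
// Models the mechanism described in the comment: trust is keyed on the
// page origin, membership comes from the administrator's force-installed
// Web App list, and non-HTTPS apps are allowed but flagged.

function normalizeOrigin(urlString) {
  // URL.origin yields scheme://host[:port] with default ports dropped, so
  // "https://kiosk.example:443/path" and "https://kiosk.example" compare equal.
  const url = new URL(urlString);
  if (url.origin === 'null') {
    // file:, data:, blob: etc. have an opaque origin and can never be trusted.
    throw new Error(`opaque origin cannot be trusted: ${urlString}`);
  }
  return url.origin;
}

// Builds the trusted-origin set from the administrator's app list (hypothetical
// input; in the proposal this would come from enterprise policy) and collects
// the warnings an admin console would show for apps not served over HTTPS.
function buildTrustedOriginSet(forceInstalledAppUrls) {
  const trusted = new Set();
  const warnings = [];
  for (const appUrl of forceInstalledAppUrls) {
    const origin = normalizeOrigin(appUrl);
    if (!origin.startsWith('https://')) {
      warnings.push(
        `${origin}: not served over HTTPS; its identity cannot be verified on the network`
      );
    }
    trusted.add(origin);
  }
  return { trusted, warnings };
}

// Exact set membership on the normalized origin. A prefix or substring test
// would wrongly accept "https://kiosk.example.evil.test" for "https://kiosk.example".
function canAccessManagedApi(pageUrl, trusted) {
  let origin;
  try {
    origin = normalizeOrigin(pageUrl);
  } catch {
    return false; // unparsable or opaque origin: deny
  }
  return trusted.has(origin);
}

// The per-app managed configuration lookup: untrusted origins get a rejection
// and learn nothing about which origins are configured. configByOrigin is a
// constructed stand-in for the policy store.
function readManagedConfiguration(pageUrl, trusted, configByOrigin) {
  if (!canAccessManagedApi(pageUrl, trusted)) {
    throw new Error('NotAllowedError: managed configuration is not available to this origin');
  }
  return configByOrigin.get(normalizeOrigin(pageUrl)) ?? {};
}

// Constructed sample data.
const SAMPLE_APP_URLS = [
  'https://kiosk.example/app/',
  'http://intranet-app.local:8080/',
];
const SAMPLE_CONFIG = new Map([
  ['https://kiosk.example', { theme: 'dark', idleTimeoutSeconds: 300 }],
]);

function demo() {
  const { trusted, warnings } = buildTrustedOriginSet(SAMPLE_APP_URLS);
  return {
    warnings,
    kioskConfig: readManagedConfiguration('https://kiosk.example:443/other/page', trusted, SAMPLE_CONFIG),
    lookalikeAllowed: canAccessManagedApi('https://kiosk.example.evil.test/', trusted),
    downgradeAllowed: canAccessManagedApi('http://kiosk.example/', trusted),
  };
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log(JSON.stringify(demo(), null, 2));
}
```

The scheme check is deliberately a warning rather than a rejection, matching the comment's position that intranet apps without a proper domain should still be allowed; the exact-match set and the opaque-origin rejection are the two checks that keep "origin" from degrading into a string-prefix comparison.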