- From: Anne van Kesteren <notifications@github.com>
- Date: Thu, 28 Oct 2021 02:51:58 -0700
- To: w3ctag/design-reviews <design-reviews@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Thursday, 28 October 2021 09:52:11 UTC
I'm also confused now and I agree with @domenic that all of this is already possible if the parties cooperate (which sending a message implies; though it should be stricter on origins, filed https://github.com/WICG/capability-delegation/issues/17 on that). Here's what I thought the idea was: 1. Permissions Policy is used to delegate the permission, but it doesn't delegate the user activation. The user would still have to click in the frame if the API required user activation. 2. Capability Delegation is used to delegate the permission and user activation. There's no need that I can see for 2 to be restricted to a subset of APIs and I think we should make it work for all the things that require user activation today and are part of Permissions Policy. (And we should make the specification architecture reflect that better as it currently requires a lot of language for each individual API that can be better abstracted.) -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3ctag/design-reviews/issues/655#issuecomment-953690813
Received on Thursday, 28 October 2021 09:52:11 UTC