Re: [widgets] Purpose and utility of <feature> unclear

On Tue, Jun 2, 2009 at 12:28 PM, Marcin Hanclik
<Marcin.Hanclik@access-company.com> wrote:
> Hi Henri,
>
>>>I think it would be preferable to design APIs in such a way that
>>>security/privacy aspects of the API are Web-ready, i.e. the same API
>>>could be exposed to Web content. (I consider the design of the
>>>Geolocation API and it's authorization UI in Firefox Web-ready in this
>>>sense.)
> There is no problem with the APIs within the Web content.
> There is just a difference on the security policy level whether unauthorized Web content (website vs. widget) may access the API.
> http://bondi.omtp.org/1.0/security/BONDI_Architecture_and_Security_Appendices_v1.0.pdf, section B.4.(1|2).
>

Right. This is applicable for BONDI user agents, but not necessarily
user agents that use the W3C's DAP-WG APIs. It is unlikely that Web
Browsers will become BONDI compliant given the DAP work.


-- 
Marcos Caceres
http://datadriven.com.au

Received on Tuesday, 2 June 2009 11:42:57 UTC