- From: Marcos Caceres <marcosc@opera.com>
- Date: Tue, 2 Jun 2009 13:42:00 +0200
- To: Marcin Hanclik <Marcin.Hanclik@access-company.com>
- Cc: Henri Sivonen <hsivonen@iki.fi>, public-webapps <public-webapps@w3.org>
On Tue, Jun 2, 2009 at 12:28 PM, Marcin Hanclik <Marcin.Hanclik@access-company.com> wrote: > Hi Henri, > >>>I think it would be preferable to design APIs in such a way that >>>security/privacy aspects of the API are Web-ready, i.e. the same API >>>could be exposed to Web content. (I consider the design of the >>>Geolocation API and it's authorization UI in Firefox Web-ready in this >>>sense.) > There is no problem with the APIs within the Web content. > There is just a difference on the security policy level whether unauthorized Web content (website vs. widget) may access the API. > http://bondi.omtp.org/1.0/security/BONDI_Architecture_and_Security_Appendices_v1.0.pdf, section B.4.(1|2). > Right. This is applicable for BONDI user agents, but not necessarily user agents that use the W3C's DAP-WG APIs. It is unlikely that Web Browsers will become BONDI compliant given the DAP work. -- Marcos Caceres http://datadriven.com.au
Received on Tuesday, 2 June 2009 11:42:57 UTC