- From: Robin Berjon <robin@berjon.com>
- Date: Tue, 2 Jun 2009 15:02:57 +0200
- To: Henri Sivonen <hsivonen@iki.fi>
- Cc: public-webapps <public-webapps@w3.org>
On Jun 2, 2009, at 14:57 , Henri Sivonen wrote:
> Please include a corresponding UA requirement to obtain
> authorization from the user for the features imported with
> <feature>. (It seems that the security aspect requires an
> authorization and doesn't make sense if the dangerous feature are
> simply imported silently.) As far as I can tell, the spec doesn't
> currently explain what the UA is supposed to do with the 'feature
> list' once built.
I don't think that that is a good idea. The purpose of <feature> is to
provide a hook through which a widget may communicate with a security
policy. What's in the security policy really isn't up to P+C to define
(though it certainly should be defined somewhere else). Maybe it could
ask the user, as you state, but maybe it could see that the widget was
signed by a trusted party, or know that the device doesn't have any
sensitive data for a given API, or maybe anything goes on the full moon.
--
Robin Berjon - http://berjon.com/
Feel like hiring me? Go to http://robineko.com/
Received on Tuesday, 2 June 2009 13:03:32 UTC