- From: Arve Bersvendsen <arveb@opera.com>
- Date: Tue, 02 Jun 2009 15:19:17 +0200
- To: "Henri Sivonen" <hsivonen@iki.fi>, public-webapps <public-webapps@w3.org>
On Tue, 02 Jun 2009 14:57:46 +0200, Henri Sivonen <hsivonen@iki.fi> wrote: > Please state the purpose of <feature>. (That it's for authorizing > features that don't participate in the Web-oriented browser security > model.) > > Please include a corresponding UA requirement to obtain authorization > from the user for the features imported with <feature>. (It seems that > the security aspect requires an authorization and doesn't make sense if > the dangerous feature are simply imported silently.) As far as I can > tell, the spec doesn't currently explain what the UA is supposed to do > with the 'feature list' once built. Such authorization may be made in a number of other ways than 'from the user'. A user agent distributor may for instance use signatures on applications to determine that the feature is safe[1] to access. [1] «Safe»: here meaning that an application signed with a particular signature is in compliance with criteria regarding both security and privacy-related concerns. -- Arve Bersvendsen Opera Software ASA, http://www.opera.com/
Received on Tuesday, 2 June 2009 13:20:04 UTC