W3C home > Mailing lists > Public > public-webapps@w3.org > July to September 2014

Re: Proposal for User Agent Augmented Authorization

From: Sam Penrose <spenrose@mozilla.com>
Date: Wed, 6 Aug 2014 11:00:27 -0700 (PDT)
To: Anne van Kesteren <annevk@annevk.nl>
Cc: WebApps WG <public-webapps@w3.org>
Message-ID: <1222730668.11811930.1407348027851.JavaMail.zimbra@mozilla.com>
> From: "Anne van Kesteren" <annevk@annevk.nl>
> On Wed, Aug 6, 2014 at 5:25 AM, Sam Penrose <spenrose@mozilla.com> wrote:
> > Web apps suffer particularly due to non-http URIs and cookie segregation.
> > We would like feedback on the specific APIs suggested, as well as the
> > overall problem framing. Thank you for your consideration.
> 
> One problem I have with OAuth or perhaps the implementation thereof by
> services around the web is that it is typically all-or-nothing. E.g.
> currently I can visit Google Maps and opt to not share my location.
> But I cannot login to some services without giving them access to post
> on my Facebook wall.
> 
> I guess there is not much that can be done about this other than
> encouraging services to provide such granularity.

We absolutely should try to encourage granularity! The Chrome identity API for web apps (which I should have cited as influential prior art -- fix coming) allows adding scopes. I created an issue in the repo:

  https://github.com/SamPenrose/ua-augmented-auth/issues/8

Thanks for the reminder!
Received on Wednesday, 6 August 2014 18:00:54 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:14:26 UTC