Re: Rechartering: Permissions API

On Thu, 13 Nov 2014, at 06:45, Daniel Veditz wrote:
> On 11/12/2014 10:06 AM, Mounir Lamouri wrote:
> > I would like to suggest adding permissions handling as part of the
> > webappsec charter with one concrete deliverable being the Permissions
> > API specification.
> Have you approached other working groups about this specification, and
> if so what was their response? This isn't really a security feature (the
> permissions themselves may be, but not just reading their state) so it
> seems better suited for some place like public-webapps.
>
> Is it necessary to distinguish between "denied" and "prompt"? If a
> permission isn't already granted I'm not sure it's any of the page's
> business whether I've denied them or not -- they should (try to) ask if
> they want to know.

I approached WebApps, obviously. I think the group would take the
deliverable if it hadn't re-chartered recently. Arthur (co-chair)
recommended that I propose it to webappsec instead. I personally have no
preference between webapps and webappsec but as a practical matter,
having the spec here would allow us to move forward. I think Mike's
suggestion to have this as a joint deliverable is great.

Regarding the details of the API, I've added an example underlining why
'denied' is an interesting value to have:

-- Mounir

Received on Thursday, 13 November 2014 12:16:33 UTC