W3C home > Mailing lists > Public > public-webappsec@w3.org > November 2014

Re: "Requirements for Powerful Features" strawman.

From: Mike West <mkwst@google.com>
Date: Sat, 22 Nov 2014 17:03:42 +0100
Message-ID: <CAKXHy=fQ+OBcN0Tn+aERRhevuLPXhVSO1Uokk2kyT2VD6ZyWUA@mail.gmail.com>
To: Mark Watson <watsonm@netflix.com>
Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>, Brad Hill <hillbrad@fb.com>
On Fri, Nov 21, 2014 at 6:05 PM, Mark Watson <watsonm@netflix.com> wrote:

> ​There's a distinction between entirely new functionality and new
> replacements for to-be-deprecated, but widely used, functionality.
> Completely new functionality has no existing users (sites) so you have a
> true "green field" situation (e.g. Service Workers). If you are trying to
> replace some existing widely-used legacy functionality, the situation is
> different, since too many barriers in the path of the new thing may just
> lead people to stick with the legacy solution longer.
>

Some APIs make this migration easier than others: for example, Geolocation
isn't something we can just turn off for insecure contexts, but it's
certainly something where we can experiment with degrading the insecure
experience (by shortening permission lifetimes, for instance, or by
coarsening the location). I suspect we'll be able to find similar paths for
most APIs and features that gain sufficient consensus for change.

​We're discussing in the EME context an additional consideration, which is
> that identifiers should be ​encrypted at the EME layer. What properties
> that gives you depends a lot on exactly how its done, obviously, so I'll
> not make any claims here except to say that the situation is potentially
> different from, say, cookies.
>

Sounds interesting. I'm looking forward to seeing a concrete proposal's
details! :)

--
Mike West <mkwst@google.com>
Google+: https://mkw.st/+, Twitter: @mikewest, Cell: +49 162 10 255 91

Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany
Registergericht und -nummer: Hamburg, HRB 86891
Sitz der Gesellschaft: Hamburg
Geschäftsführer: Graham Law, Christine Elizabeth Flores
(Sorry; I'm legally required to add this exciting detail to emails. Bleh.)
Received on Saturday, 22 November 2014 16:04:30 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:08 UTC