W3C home > Mailing lists > Public > public-webappsec@w3.org > November 2014

Re: Call for consensus to move forward with proposed rechartering of WebAppSec WG

From: Mounir Lamouri <mounir@lamouri.fr>
Date: Wed, 26 Nov 2014 02:18:20 +1100
Message-Id: <1416928700.3480889.195229057.4813788A@webmail.messagingengine.com>
To: Brad Hill <hillbrad@fb.com>, public-webappsec@w3.org
On Thu, 20 Nov 2014, at 06:10, Brad Hill wrote:
> <Hat = WG Participant>
> 
> I spoke with my legal team, and they are concerned about the Permissions
> API.  It is somewhat out of character with the rest of the work this
> group
> is doing.  Everything else is roughly about setting security policies and
> hints from the server to be implemented by the client. In contrast, the
> Permissions API is adding new app-focused APIs in the client.  While it
> is
> simple now, it may become a hook on which more complex work will be hung,
> around schemes for prompting users, managing permissions, etc. and this
> may enter into areas where members have IPR concerns.

The API doesn't intend to tell UA or websites or to prompt or manage
permissions. As pointed in the design document, the possible scope
increase would be for a website to ask the UA to get a permission.

-- Mounir
Received on Tuesday, 25 November 2014 15:18:46 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:08 UTC