Re: Call for consensus to move forward with proposed rechartering of WebAppSec WG

On Thu, 20 Nov 2014, at 06:10, Brad Hill wrote:
> <Hat = WG Participant>
> I spoke with my legal team, and they are concerned about the Permissions
> API.  It is somewhat out of character with the rest of the work this
> group
> is doing.  Everything else is roughly about setting security policies and
> hints from the server to be implemented by the client. In contrast, the
> Permissions API is adding new app-focused APIs in the client.  While it
> is
> simple now, it may become a hook on which more complex work will be hung,
> around schemes for prompting users, managing permissions, etc. and this
> may enter into areas where members have IPR concerns.

The API doesn't intend to tell UA or websites or to prompt or manage
permissions. As pointed in the design document, the possible scope
increase would be for a website to ask the UA to get a permission.

-- Mounir

Received on Tuesday, 25 November 2014 15:18:46 UTC