- From: Mounir Lamouri <mounir@lamouri.fr>
- Date: Wed, 26 Nov 2014 02:18:20 +1100
- To: Brad Hill <hillbrad@fb.com>, public-webappsec@w3.org
On Thu, 20 Nov 2014, at 06:10, Brad Hill wrote: > <Hat = WG Participant> > > I spoke with my legal team, and they are concerned about the Permissions > API. It is somewhat out of character with the rest of the work this > group > is doing. Everything else is roughly about setting security policies and > hints from the server to be implemented by the client. In contrast, the > Permissions API is adding new app-focused APIs in the client. While it > is > simple now, it may become a hook on which more complex work will be hung, > around schemes for prompting users, managing permissions, etc. and this > may enter into areas where members have IPR concerns. The API doesn't intend to tell UA or websites or to prompt or manage permissions. As pointed in the design document, the possible scope increase would be for a website to ask the UA to get a permission. -- Mounir
Received on Tuesday, 25 November 2014 15:18:46 UTC