W3C home > Mailing lists > Public > public-webappsec@w3.org > April 2017

Re: RFC: Site Affiliation

From: Daniel Veditz <dveditz@mozilla.com>
Date: Fri, 21 Apr 2017 10:54:11 -0700
Message-ID: <CADYDTCA8AN8k5XvtZRzX+mnnd0WWrksgKyGnxVATzTHZMLScNQ@mail.gmail.com>
To: Jochen Eisinger <eisinger@google.com>
Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>, John Wilander <wilander@apple.com>
On Fri, Apr 21, 2017 at 7:44 AM, Jochen Eisinger <eisinger@google.com>
wrote:

> Android allows for associating an app with one or more sites[1], and so
> does iOS[2].
> ​ [...]
>
> Adding this information to the web manifest, or as part of an origin
> policy comes to mind.
>

​If it's not a mutual opt-in by all sites involved then we're opening a
huge hole. Asking the user isn't enough because users are easily fooled​.

-
​Dan Veditz​
Received on Friday, 21 April 2017 17:55:04 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:22 UTC