Re: RFC: Site Affiliation from Daniel Veditz on 2017-04-21 (public-webappsec@w3.org from April 2017)

From: Daniel Veditz <dveditz@mozilla.com>
Date: Fri, 21 Apr 2017 10:54:11 -0700
To: Jochen Eisinger <eisinger@google.com>
Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>, John Wilander <wilander@apple.com>
Message-ID: <CADYDTCA8AN8k5XvtZRzX+mnnd0WWrksgKyGnxVATzTHZMLScNQ@mail.gmail.com>

On Fri, Apr 21, 2017 at 7:44 AM, Jochen Eisinger <eisinger@google.com>
wrote:

> Android allows for associating an app with one or more sites[1], and so
> does iOS[2].
>  [...]
>
> Adding this information to the web manifest, or as part of an origin
> policy comes to mind.
>

If it's not a mutual opt-in by all sites involved then we're opening a
huge hole. Asking the user isn't enough because users are easily fooled.

-
Dan Veditz

Received on Friday, 21 April 2017 17:55:04 UTC