W3C home > Mailing lists > Public > public-webappsec@w3.org > April 2017

Re: RFC: Site Affiliation

From: Jochen Eisinger <eisinger@google.com>
Date: Fri, 21 Apr 2017 17:57:24 +0000
Message-ID: <CALjhuicYX+iCG7bCO_p3hMj1kJ8RY9Q5B50hxGUyuZTTWWjK=A@mail.gmail.com>
To: Daniel Veditz <dveditz@mozilla.com>
Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>, John Wilander <wilander@apple.com>
Right, all involved sites would have to agree on the exact set of involved
sites.

On Fri, Apr 21, 2017 at 7:54 PM Daniel Veditz <dveditz@mozilla.com> wrote:

> On Fri, Apr 21, 2017 at 7:44 AM, Jochen Eisinger <eisinger@google.com>
> wrote:
>
>> Android allows for associating an app with one or more sites[1], and so
>> does iOS[2].
>>
> ​ [...]
>>
>
>> Adding this information to the web manifest, or as part of an origin
>> policy comes to mind.
>>
>
> ​If it's not a mutual opt-in by all sites involved then we're opening a
> huge hole. Asking the user isn't enough because users are easily fooled​.
>
> -
> ​Dan Veditz​
>
>
Received on Friday, 21 April 2017 17:58:14 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:22 UTC