Re: Presentation API in non secure contexts from Richard Barnes on 2017-01-23 (public-webappsec@w3.org from January 2017)

From: Richard Barnes <rbarnes@mozilla.com>
Date: Mon, 23 Jan 2017 16:27:16 -0500
To: "mark a. foltz" <mfoltz@google.com>
Cc: Francois Daoust <fd@w3.org>, WebAppSec WG <public-webappsec@w3.org>, public-web-security@w3.org, "Kostiainen, Anssi" <anssi.kostiainen@intel.com>
Message-ID: <CAOAcki_1vizOBvkXHab-B-eKxTVGa+DutDhJ-Crxs3eKOPTXaw@mail.gmail.com>

I'm not trying to apply a "powerful feature" standard.  You'll notice that
the spec that used to be called "powerful features" is now called "secure
contexts" because it can be applied to *all* features.

Our starting assumption here should be that any new feature should be
restricted to secure contexts.  I'm looking for an argument that that
restriction would be harmful, pointless, etc. before we open it up to
non-secure contexts.

On Mon, Jan 23, 2017 at 4:17 PM, mark a. foltz <mfoltz@google.com> wrote:

> On Mon, Jan 23, 2017 at 9:06 AM, Richard Barnes <rbarnes@mozilla.com>
> wrote:
>
>> What is the rationale for why this API needs to be available to
>> non-secure contexts?
>>
>
> At the time the group considered this, it was judged to not be a powerful
> feature.
> We have asked for an updated rubric for evaluating what is a powerful
> feature, and have not yet received a reply.
>
> m.
>

Received on Monday, 23 January 2017 21:27:49 UTC