- From: =JeffH <Jeff.Hodges@KingsMountain.com>
- Date: Mon, 14 May 2018 16:18:31 -0700
- To: W3C Web Authn WG <public-webauthn@w3.org>
I originally posted this over on https://discourse.wicg.io because two
of the concerned specs are WICG ones.
Tho I thought I'd post here too to see what y'all might also think...
https://discourse.wicg.io/t/relationship-of-permissions-feature-policy-origin-policy/2772
(the latter has approp hyper-links)
Hi, I wish to test my perhaps flawed understanding regarding the
relationship amongst these specs:
Permissions
Feature Policy
Origin Policy
I note that the permission-registry and the set of Policy Controlled
Features intersect but are not congruent. And both Origin Policy and
Feature Policy have things to do with HTTP header fields.
I note that none of the above specs reference each other.
Q1. Is Feature Policy intended to supersede Permissions? If one squints
even not too hard it seems the former is a superset of the latter.
Q2. If the answer to Q1 is “no”, then what is envisioned regarding the
long-term coexistence of Feature Policy and Permissions?
Q3. Origin Policy does not at this time appear to limit the HTTP header
field names & values one can enumerate in an Origin Policy Manifest.
Does this mean one can use an Origin Policy to convey a Feature Policy
HTTP Header Field?
thanks for any light y’all might be able to shed here,
=JeffH
Received on Monday, 14 May 2018 23:19:02 UTC