On 8/21/12 7:33 PM, "Ryan Sleevi" <sleevi@google.com<mailto:sleevi@google.com>> wrote: >>I've been trying to find a way to propose text that balances these >>concerns, but to be honest, I don't have a good solution. Part of this >>is what lead to the proposal of requiring CSP, since this can mitigate >>(some of) the security concerns, but I think there's still a lot of >>security risks that have to be talked through and discussed before we >>go too far. Ryan, >From my notes at the F2F, we had attributes of type scope (including access control and temporary/permanent). These were supposed to be set at the time of creation and read-only after that. Access control attribute was meant to allow the origin to specify which sites can access/use this key (may be we need granularity of purpose too). I have not been following the conversations much lately, but I do not see the access control attribute in the draft (temporary is there). Has it been dropped because of some reason? Thanks, SeetharamaReceived on Wednesday, 22 August 2012 15:30:49 UTC
This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:01:25 UTC