- From: Bjartur Thorlacius <svartman95@gmail.com>
- Date: Sun, 9 Jan 2011 12:21:02 +0000
On 1/9/11, Glenn Maynard <glenn at zewt.org> wrote: > Access control is tied closely to the nearby discussion on privilege > escalation (which came out of this thread). I do believe it's the > browser's job to decide what access a particular page gets, and to > give the user control over privilege escalation. > > I hate the analogy, but the browser is to web apps what the operating > system is to native apps: from providing the APIs to let them do > things, to enforcing permissions. The difference, of course, is that > the default trust level for remote apps is much lower than for native > apps. > It seems to me that the difference can be implemented by running remote apps with lower privileges. No need to reimplement all access control mechanism. The wheel does exist, already. If you want *all* of the OS running on top of the OS, you should host Vita Nuova Inferno. > Browser access control shouldn't be as complex as OS permissions, but > it does need to exist, and I do believe it'll need to be fleshed out > more thoroughly than it is currently for web apps to be a real > alternative to native for many use cases, and for others, to make them > less acutely second-class. As I mentioned in the other thread, > privilege escalation ranges from relaxing "nuisance-preventing" > restrictions (context menu cancellation, browser fullscreen, opening > windows) to high-trust operations like broader local file access and > yes, device access. > So, OS permissions are too complex, so you figure it's best to build another permission system on top of the existing ones? Why? The nuisance-prevention may be implemented by browsers, but privilege escalation to e.g. broader file access is clearly the OS' job. > (Not to endorse device access in general--that request for low-level > access to Bluetooth devices is, frankly, crazy--but a serial API isn't > unreasonable at all.) > Seems to be about the only point we agree on. > The particular mechanisms to handle this should be up to the browser, > of course, but I firmly believe it's the browser's job. I strongly disagree. Running applications written in other programming languages than JavaScript with limited privileges may be useful to a user. Thus permissions should in no way be tied to browsers.
Received on Sunday, 9 January 2011 04:21:02 UTC