W3C home > Mailing lists > Public > whatwg@whatwg.org > May 2011

[whatwg] Proposal for a web application descriptor

From: Bjartur Thorlacius <svartman95@gmail.com>
Date: Thu, 5 May 2011 19:41:24 +0000
Message-ID: <BANLkTimNW8pfrGU-s+13+L=1KZ2bz52EeA@mail.gmail.com>
On 5/5/11, Charles McCathieNevile <chaals at opera.com> wrote:
> On Thu, 05 May 2011 00:12:06 +0200, Bjartur Thorlacius
> <svartman95 at gmail.com> wrote:
>
>> On 5/3/11, Cameron Heavon-Jones <cmhjones at gmail.com> wrote:
>>> There are a number of resources which are thought of having an
>>> 'application' scope which may make sense to be collated into a
>>> single manifest and with the ability for an agent to manage it as
>>> such.
>>>
>> Yeah, if a single entity edits and signs multiple resources, it's
>> unreasonable to trust one but not another.
>
> If I understand correctly, I disagree. I might trust a given entity
> sometimes, or with some kinds of information, without wanting to simply
> say "sure whatever you want". That's probably for the "hard-to-use mode"
> in the UI, but I think it's legitimate. In practice, even given something
> as simple as twitter's geolocation request I *sometimes* allow it to know
> where I am and sometimes don't.
>
In that case you wouldn't grant anyone a carte blanche access to your
location, but authorize or forbid each request. I meant that users
probably wouldn't want to permanently authorize http://twitter.com/A
but not http://twitter.com/.

Of course, if the site requests coordinates, it's up to the user
whether they come from /dev/gps or /dev/tty (or /n/3D Globe).
Received on Thursday, 5 May 2011 12:41:24 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:59:32 UTC