- From: Bjartur Thorlacius <svartman95@gmail.com>
- Date: Thu, 5 May 2011 19:41:24 +0000
On 5/5/11, Charles McCathieNevile <chaals at opera.com> wrote: > On Thu, 05 May 2011 00:12:06 +0200, Bjartur Thorlacius > <svartman95 at gmail.com> wrote: > >> On 5/3/11, Cameron Heavon-Jones <cmhjones at gmail.com> wrote: >>> There are a number of resources which are thought of having an >>> 'application' scope which may make sense to be collated into a >>> single manifest and with the ability for an agent to manage it as >>> such. >>> >> Yeah, if a single entity edits and signs multiple resources, it's >> unreasonable to trust one but not another. > > If I understand correctly, I disagree. I might trust a given entity > sometimes, or with some kinds of information, without wanting to simply > say "sure whatever you want". That's probably for the "hard-to-use mode" > in the UI, but I think it's legitimate. In practice, even given something > as simple as twitter's geolocation request I *sometimes* allow it to know > where I am and sometimes don't. > In that case you wouldn't grant anyone a carte blanche access to your location, but authorize or forbid each request. I meant that users probably wouldn't want to permanently authorize http://twitter.com/A but not http://twitter.com/. Of course, if the site requests coordinates, it's up to the user whether they come from /dev/gps or /dev/tty (or /n/3D Globe).
Received on Thursday, 5 May 2011 12:41:24 UTC