- From: Olli Pettay <Olli.Pettay@helsinki.fi>
- Date: Wed, 03 Nov 2010 16:49:49 +0100
- To: Andy Mauro <Andy.Mauro@nuance.com>
- CC: Bjorn Bringert <bringert@google.com>, Satish Sampath <satish@google.com>, public-xg-htmlspeech@w3.org
On 11/03/2010 04:09 PM, Andy Mauro wrote: > It'd be worth enumerating the 'settings, modes or specialized browsers' - > it's not obvious to me why any browser would want to ignore the developers > wishes to use a specialized resource excepting the offline scenario. Browser may not want to allow leaking data from one domain to another. Or the user may not want to leak any speech data to any server, and by controlling the browser settings he/she should be able to prevent the leak. My guess is that browsers might allow same origin access to speech services by default, but if a web app from www.foo.com wants to use speech services provided by www.bar.com, user might need to give the permission for that. And also www.bar.com speech services need to allow cross-domain connections (perhaps using CORS[1] or some similar technology ). If the user has set some remote speech service as the default recognizer in the browser, in that case cross-origin access should be probably allowed by default. -Olli [1] http://www.w3.org/TR/cors/ > Unless > we're very clear in specifying the expected default mode of operation and > the specific scenarios under which the defaults are not heeded there is room > for misuse, or more likely, misinterpretation which leads to developer AND > user pain because the quality and functionality of webapps cannot be > controlled. > > -Andy > > >> From: Bjorn Bringert<bringert@google.com> >> Date: Wed, 3 Nov 2010 16:05:47 +0100 >> To: Andy Mauro<Andy.Mauro@nuance.com> >> Cc: Satish Sampath<satish@google.com>,<Olli@pettay.fi>, >> <public-xg-htmlspeech@w3.org> >> Subject: Re: Offline webapps and speech UI >> >> I think we agree that the intention is that typical browsers would by >> default follow the web app's requests. There may be settings, modes or >> specialized browsers that turn it off by default. As long as the >> browser lets the web app know, we won't be any worse off than if the >> browser had simply turned off or never implemented the speech input >> feature. >> >> /Bjorn >> >> On Wed, Nov 3, 2010 at 3:54 PM, Andy Mauro<Andy.Mauro@nuance.com> wrote: >>> It really boils down to what the default setting is ;) If it's to reject >>> developer requests for particular reco resources then we're likely not in >>> agreement since IMO this will cause apps to not work if a developer uses >>> recognizer specific functionality (which as much as I don't like this, is >>> the way it is today). If the default is to accept developer requests, and a >>> user has to manually modify the setting to use only local resources or an >>> alternate network resource, then I think all our goals are met (security, >>> privacy, app consistency) >>> >>> -Andy >>> >>>> From: Satish Sampath<satish@google.com> >>>> Date: Wed, 3 Nov 2010 15:49:51 +0100 >>>> To: Andy Mauro<Andy.Mauro@nuance.com> >>>> Cc: Bjorn Bringert<bringert@google.com>,<Olli@pettay.fi>, >>>> <public-xg-htmlspeech@w3.org> >>>> Subject: Re: Offline webapps and speech UI >>>> >>>>> I'm more concerned with the loophole that arises that seems to mean that >>>>> browsers can simply use their preferred recognizer all the time >>>>> irrespective >>>>> of developer choice. >>>> >>>> I don't see that as a loophole, but akin to (2) in your list where the >>>> 'paranoid privacy setting' is 'downloading and using a browser which >>>> uses my preferred recognizer'. >>>> >>>> - Satish >>> >>> >>> >> >> >> >> -- >> Bjorn Bringert >> Google UK Limited, Registered Office: Belgrave House, 76 Buckingham >> Palace Road, London, SW1W 9TQ >> Registered in England Number: 3977902 > > >
Received on Wednesday, 3 November 2010 15:50:30 UTC