On Thu, Dec 3, 2015 at 11:48 PM, Jonas Sicking <jo...@sicking.cc> wrote:
> On Wed, Dec 2, 2015 at 2:13 PM, Robert O'Callahan <rob...@ocallahan.org> > wrote: > > 1) What I suggested: Whitelist vendor origins for access to their devices > > and have vendor-hosted pages ("Web drivers"?) expose "safe" API to > > third-party applications. > > 2) Design a permissions API that one way or another lets users authorize > > access to USB devices by third-party applications. > > 3) Wrap USB devices in Web-exposed believed-to-be-safe standardized APIs > > built into browsers. > > There's also > > 4) Design a new USB-protocol which enables USB devices to indicate > that they are "web safe" and which lets the USB device know which > website is talking to it. Then let the user authorize a website to use > a given device. > > This is similar to what we did with TCP (through WebSocket), UDP > (WebRTC) and HTTP (through CORS). Yes, that's another possibility. However, for USB the "Web driver" approach seems better than that, to me. It makes it easy to update the vendor library to fix security bugs and update the API. If the Web API is baked into the device firmware that's a lot harder. Rob -- lbir ye,ea yer.tnietoehr rdn rdsme,anea lurpr edna e hnysnenh hhe uresyf toD selthor stor edna siewaoeodm or v sstvr esBa kbvted,t rdsme,aoreseoouoto o l euetiuruewFa kbn e hnystoivateweh uresyf tulsa rehr rdm or rnea lurpr .a war hsrer holsa rodvted,t nenh hneireseoouot.tniesiewaoeivatewt sstvr esn _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform