On Tuesday, February 10, 2015 at 11:52:55 AM UTC+1, Julien Wajsberg wrote: > Hey Paul, > > Le 09/02/2015 12:41, Paul Theriault a écrit : > > === SMS === > > SMS is risky mainly due to the cost involved. Risks include cost of sending > > SMS and also SMS are very sensitive - e.g. often used in 2-factor auth > > (e.g. banking) > > > > But there are different use cases. For example, many use cases just need > > the ability to receive SMS - instead of granting SMS permission, we could > > expose a read-only SMS datastore which other apps could observe changes on > > which removes the cost risk (but not the sensitive data risk). > > I don't understand how having a read only access would prevent a webpage > from reading a 2-factor auth SMS. > > I wonder if we could have a permission as fine as giving access to a > specific thread ? > Or access to some properties (the phone numbers) but not others (the SMS > content) ? > > I'm also not sure how a user can choose knowingly whether he should give > access to such things from this webpage :/
Neither am I. I think this calls for "Trusted Web Applications" that would be installed locally but invoked from untrusted code. It would be a complement to https://lists.w3.org/Archives/Public/public-web-intents/2015Feb/0000.html Trusted web applications would be signed and be usable in IFRAMEs. Anders _______________________________________________ dev-b2g mailing list [email protected] https://lists.mozilla.org/listinfo/dev-b2g
