On 02/26/2015 07:11 AM, Fernando Jiménez Moreno wrote:
> Thanks for starting this thread Antonio.
>
> On the scenario that you propose, at least for the use case that you
> provided (settings), it seems that we are moving the permission check
> from Gecko to Gaia. On Gecko we currently have signed apps and a list of
> permissions associated to them. On the content side we don't have any of
> this information available. Could you elaborate a bit more about how
> would the Service decide if a 3rd party app can access or not the
> wrapped resource. In other words, how would third party apps request
> permission to access the content controlled by the Service?
Yep, that's the key point for me. Exposing more apis is not hard,
vetting who can use them is. If I were playing the devil's advocate, I
would say that the current proposal is not different from just removing
permission checks.
(yes, I know there are other use cases beyond api access that justify
cross-origin messaging).
Fabrice
--
Fabrice Desré
b2g team
Mozilla Corporation
_______________________________________________
dev-b2g mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-b2g
