On Tue, Jun 2, 2009 at 12:28 PM, Marcin Hanclik <[email protected]> wrote: > Hi Henri, > >>>I think it would be preferable to design APIs in such a way that >>>security/privacy aspects of the API are Web-ready, i.e. the same API >>>could be exposed to Web content. (I consider the design of the >>>Geolocation API and it's authorization UI in Firefox Web-ready in this >>>sense.) > There is no problem with the APIs within the Web content. > There is just a difference on the security policy level whether unauthorized > Web content (website vs. widget) may access the API. > http://bondi.omtp.org/1.0/security/BONDI_Architecture_and_Security_Appendices_v1.0.pdf, > section B.4.(1|2). >
Right. This is applicable for BONDI user agents, but not necessarily user agents that use the W3C's DAP-WG APIs. It is unlikely that Web Browsers will become BONDI compliant given the DAP work. -- Marcos Caceres http://datadriven.com.au
