On Jun 2, 2009, at 14:57 , Henri Sivonen wrote:
Please include a corresponding UA requirement to obtain authorization from the user for the features imported with <feature>. (It seems that the security aspect requires an authorization and doesn't make sense if the dangerous feature are simply imported silently.) As far as I can tell, the spec doesn't currently explain what the UA is supposed to do with the 'feature list' once built.
I don't think that that is a good idea. The purpose of <feature> is to provide a hook through which a widget may communicate with a security policy. What's in the security policy really isn't up to P+C to define (though it certainly should be defined somewhere else). Maybe it could ask the user, as you state, but maybe it could see that the widget was signed by a trusted party, or know that the device doesn't have any sensitive data for a given API, or maybe anything goes on the full moon.
-- Robin Berjon - http://berjon.com/ Feel like hiring me? Go to http://robineko.com/
