On Thu, Nov 19, 2009 at 4:49 PM, Marcin Hanclik <[email protected]> wrote: > Hi Jonas, Maciej, > > It seems that the policy that you would accept would be: > > <policy-set combine="deny-overrides"> > <policy description="Default Policy for websites. Simply denying all API > that are covered by some device capability:) "> > <target> > <subject> > <subject-match attr="class" match="website" func="equal"/> > </subject> > </target> > <rule effect="deny"> > <condition> > <resource-match attr="device-cap" func="regexp">/.+/</resource-match> > </condition> > </rule> > </policy> > </policy-set> > > Let's see how DAP will evolve then.
Given that I don't know the specifics about this policy format I can't comment on the above policy specifically. However I will note that the security experts at Mozilla did agree that opening a non-modal dialog asking for access to geo-location was considered acceptable, as I noted in a previous email. I don't know what effect that has on the above policy. I don't know what policy other browsers have used in this area. / Jonas
