The Entry.toURI method specified in the FileSystem spec [1] currently has an open issue to define its format. I believe we also need to describe the ways in which it can and cannot be used, as some potential uses may have security implications.
I propose the following format: filesystem:{protocol}://{domain}[:port]/{storage type}/{path} e.g. filesystem:https://www.google.com/persistent/images/logo.png I think that, for the domain that owns the asset referred to by the URI, pretty much any reasonable use should be allowed: video/audio/img/iframe/script sources, XHR [GET only], etc. I'm iffier on allowing any access to other origins, even for e.g. img sources, even though they're normally allowed cross-origin. I'd love to hear security arguments against and use cases for cross-origin access. Of course, it's always easiest/safest to start out not allowing such a thing and relax the rules later. Thanks in advance for any comments. Eric Uhrhane er...@google.com [1] http://dev.w3.org/2009/dap/file-system/file-dir-sys.html#widl-Entry-toURI