On 1/2/12 20:03 , Ian Hickson wrote:
As a user when I install an app, I want to be able to give it access to
a selection of:
Providing access to these things when the app is installed is IMHO a net
worse security model than granting access to these things implicitly when
the feature is needed.
JCD: I do not see why the granting of privileges should be implicit when
some webapp is "installed".
I believe Tim was hinting (through the use of the words "a selection
of") at non-implicit, selective granting.
Others in the thread have tried to clarify the "installation".
Something that could reconcile Tim and Ian might be to just consider
"installation" as "an association of a selection of privileges to a webapp".
One privilege among others could be "to be locally stored".
What strikes me as important right now is:
- the level of detail of requested privileges vs. the "training of the
users to just accept without reading";
- the duration of the association of a set of privileges to webapps...
Best regards
JC
--
JC Dufourd
Directeur d'Etudes/Professor
Groupe Multimedia/Multimedia Group
Traitement du Signal et Images/Signal and Image Processing
Telecom ParisTech, 37-39 rue Dareau, 75014 Paris, France
Tel: +33145817733 - Mob: +33677843843 - Fax: +33145817144
