Re: Pointer lock spec

2015-04-01 Thread Florian Bösch
On Wed, Apr 1, 2015 at 1:49 AM, Vincent Scheib sch...@google.com wrote: You raised this point in 2011, resulting in my adding this spec section you reference. The relevant bit being: ... a concern of specifying what units mouse movement data are provided in. This specification defines

Re: [W3C TCP and UDP Socket API]: Status and home for this specification

2015-04-01 Thread Anne van Kesteren
On Wed, Apr 1, 2015 at 11:22 AM, Nilsson, Claes1 claes1.nils...@sonymobile.com wrote: A webapp could for example request permission to create a TCP connection to a certain host. That does not seem like an acceptable solution. Deferring this to the user puts the user at undue risk as they

[W3C TCP and UDP Socket API]: Status and home for this specification

2015-04-01 Thread Nilsson, Claes1
Hi all, Related to the recent mail thread about the SysApps WG and its deliverables I would like to make a report of the status of the TCP and UDP Socket API, http://www.w3.org/2012/sysapps/tcp-udp-sockets/. Note that this specification is still being worked on. Latest merged PR was March 30.

Re: [W3C TCP and UDP Socket API]: Status and home for this specification

2015-04-01 Thread Florian Bösch
On Wed, Apr 1, 2015 at 11:22 AM, Nilsson, Claes1 claes1.nils...@sonymobile.com wrote: Hi all, Related to the recent mail thread about the SysApps WG and its deliverables I would like to make a report of the status of the TCP and UDP Socket API,

[Bug 24475] StorageQuota.supportedTypes should return a frozen Array

2015-04-01 Thread bugzilla
https://www.w3.org/Bugs/Public/show_bug.cgi?id=24475 Arthur Barstow art.bars...@gmail.com changed: What|Removed |Added Status|NEW |RESOLVED

RE: [W3C TCP and UDP Socket API]: Status and home for this specification

2015-04-01 Thread Nilsson, Claes1
See inline. BR Claes Claes Nilsson Master Engineer - Web Research Advanced Application Lab, Technology Sony Mobile Communications Tel: +46 70 55 66 878 claes1.nils...@sonymobile.commailto:firstname.lastn...@sonymobile.com sonymobile.comhttp://sonymobile.com/

Re: [W3C TCP and UDP Socket API]: Status and home for this specification

2015-04-01 Thread Anne van Kesteren
On Wed, Apr 1, 2015 at 3:58 PM, Nilsson, Claes1 claes1.nils...@sonymobile.com wrote: However, work is ongoing in the Web App Sec WG that may provide basis for a security model for this API. Please read section 4,

RE: [W3C TCP and UDP Socket API]: Status and home for this specification

2015-04-01 Thread Nilsson, Claes1
Hi Anne, This is a misunderstanding that probably depends on that I used the word permission, which people associate with user permission. User permissions are absolutely not enough to provide access to this API. However, work is ongoing in the Web App Sec WG that may provide basis for a

RE: [W3C TCP and UDP Socket API]: Status and home for this specification

2015-04-01 Thread Domenic Denicola
This distinction between user permission and general permission is key, I think. For example, I could naively imagine something like the browser auto-granting permission if the requested remoteAddress is equal to the IP address of the origin executing the API. Possibly with a pre-flight request

Re: [W3C TCP and UDP Socket API]: Status and home for this specification

2015-04-01 Thread Anne van Kesteren
On Wed, Apr 1, 2015 at 4:15 PM, Domenic Denicola d...@domenic.me wrote: For example, I could naively imagine something like the browser auto-granting permission [...] If there is a proposal for a security model that needs to be part of the document. There's no way this will get interoperable

RE: [W3C TCP and UDP Socket API]: Status and home for this specification

2015-04-01 Thread Domenic Denicola
I think it's OK for different browsers to experiment with different non-interoperable conditions under which they fulfill or reject the permissions promise. That's already true for most permissions grants today.

Re: [W3C TCP and UDP Socket API]: Status and home for this specification

2015-04-01 Thread Anne van Kesteren
On Wed, Apr 1, 2015 at 4:27 PM, Domenic Denicola d...@domenic.me wrote: I think it's OK for different browsers to experiment with different non-interoperable conditions under which they fulfill or reject the permissions promise. That's already true for most permissions grants today. It's

Re: [W3C TCP and UDP Socket API]: Status and home for this specification

2015-04-01 Thread Anders Rundgren
On 2015-04-01 16:11, Anne van Kesteren wrote: On Wed, Apr 1, 2015 at 3:58 PM, Nilsson, Claes1 claes1.nils...@sonymobile.com wrote: However, work is ongoing in the Web App Sec WG that may provide basis for a security model for this API. Please read section 4,

Re: [W3C TCP and UDP Socket API]: Status and home for this specification

2015-04-01 Thread Jonas Sicking
On Wed, Apr 1, 2015 at 4:30 PM, Anne van Kesteren ann...@annevk.nl wrote: On Wed, Apr 1, 2015 at 4:27 PM, Domenic Denicola d...@domenic.me wrote: I think it's OK for different browsers to experiment with different non-interoperable conditions under which they fulfill or reject the

Re: [W3C TCP and UDP Socket API]: Status and home for this specification

2015-04-01 Thread Florian Bösch
It's a fair point, but without an origin authoritative opt-in it's not gonna happen no matter what. Imagine say the displeasure of awesomeEmail2000.com if trough some manner of XSS exploit (say in google adds) suddenly millions of web-visitors connect to their email server simultaneously... On

RE: [W3C TCP and UDP Socket API]: Status and home for this specification

2015-04-01 Thread Domenic Denicola
From: Boris Zbarsky [mailto:bzbar...@mit.edu] This particular example sets of alarm bells for me because of virtual hosting. Eek! Yeah, OK, I think it's best I refrain from trying to come up with specific examples. Let's forget I said anything... As in, this seems like precisely the sort of

Re: [W3C TCP and UDP Socket API]: Status and home for this specification

2015-04-01 Thread Anne van Kesteren
On Wed, Apr 1, 2015 at 7:03 PM, Domenic Denicola d...@domenic.me wrote: My argument is that it's not materially different from existing permissions APIs. Sometimes the promise is rejected, sometimes it isn't. (Note that either outcome could happen without the user ever seeing a prompt.) The

Re: [W3C TCP and UDP Socket API]: Status and home for this specification

2015-04-01 Thread Jonas Sicking
On Wed, Apr 1, 2015 at 6:37 PM, Florian Bösch pya...@gmail.com wrote: On Wed, Apr 1, 2015 at 6:02 PM, Jonas Sicking jo...@sicking.cc wrote: Not saying that we can use CORS to solve this, or that we should extend CORS to solve this. My point is that CORS works because it was specified and

RE: [W3C TCP and UDP Socket API]: Status and home for this specification

2015-04-01 Thread Domenic Denicola
From: Jonas Sicking [mailto:jo...@sicking.cc] I agree with Anne. What Domenic describes sounds like something similar to CORS. I.e. a network protocol which lets a server indicate that it trusts a given party. I think my point would have been stronger without the /.well-known protocol

Re: [W3C TCP and UDP Socket API]: Status and home for this specification

2015-04-01 Thread Florian Bösch
On Wed, Apr 1, 2015 at 6:02 PM, Jonas Sicking jo...@sicking.cc wrote: Not saying that we can use CORS to solve this, or that we should extend CORS to solve this. My point is that CORS works because it was specified and implemented across browsers. If we'd do something like what Domenic

Re: [W3C TCP and UDP Socket API]: Status and home for this specification

2015-04-01 Thread Jonas Sicking
On Wed, Apr 1, 2015 at 7:03 PM, Domenic Denicola d...@domenic.me wrote: From: Boris Zbarsky [mailto:bzbar...@mit.edu] This particular example sets of alarm bells for me because of virtual hosting. Eek! Yeah, OK, I think it's best I refrain from trying to come up with specific examples.

Re: [W3C TCP and UDP Socket API]: Status and home for this specification

2015-04-01 Thread Florian Bösch
On Wed, Apr 1, 2015 at 9:00 PM, Anders Rundgren anders.rundgren@gmail.com wrote: Who would like to get something like that in their face when buying stuff on the web? 14% of users recognize changes in content of a security prompt. An MRI scan shows that at the second security prompt in a

Re: [W3C TCP and UDP Socket API]: Status and home for this specification

2015-04-01 Thread Anders Rundgren
On 2015-04-01 20:47, Jonas Sicking wrote: On Wed, Apr 1, 2015 at 7:03 PM, Domenic Denicola d...@domenic.me wrote: From: Boris Zbarsky [mailto:bzbar...@mit.edu] This particular example sets of alarm bells for me because of virtual hosting. Eek! Yeah, OK, I think it's best I refrain from

Re: [W3C TCP and UDP Socket API]: Status and home for this specification

2015-04-01 Thread Boris Zbarsky
On 4/1/15 12:50 PM, Domenic Denicola wrote: Do you think it's acceptable for browser to experiment with e.g. auto-granting permission if the requested remoteAddress is equal to the IP address of the origin executing the API? This particular example sets of alarm bells for me because of

Re: [W3C TCP and UDP Socket API]: Status and home for this specification

2015-04-01 Thread Jonas Sicking
Oh, I should add one thing. I think that the TCPSocket and UDPSocket APIs are great. There is a growing number of implementations of proprietary platforms which are heavily based on web technologies. The most well known one is Cordova. Platforms like those were the original audience for the

Re: [W3C TCP and UDP Socket API]: Status and home for this specification

2015-04-01 Thread Jeffrey Yasskin
Hi all. You've mistakenly cc'ed my father on this thread. Here's my address. On Wed, Apr 1, 2015 at 2:22 AM, Nilsson, Claes1 claes1.nils...@sonymobile.com wrote: Hi all, Related to the recent mail thread about the SysApps WG and its deliverables I would like to make a report of the status

Minutes IndieUI Teleconference 1 April 2015

2015-04-01 Thread Michael Cooper
http://www.w3.org/2015/04/01-indie-ui-minutes.html