Lastly, if there is a decision to continue to work on this API I can remain
as main editor. However, I can currently not commit to more extensive tasks
such as implementation and test cases.
Claes
Do you have information on W3C members committed to implementation test cases
going
Hi again Frederick,
I plan to issue a CFC for moving the TCP and UDP Socket API specification to a
CG. However, before that, do you think that one option could be DAP? I assume
that would require a modified charter.
BR
Claes
Claes Nilsson
Master Engineer - Web Research
Advanced
Hi Frederick,
The implementations I am aware of are:
* Mozilla FFOS: There is an ongoing implementation of the UDP API. See
https://bugzilla.mozilla.org/show_bug.cgi?id=745283
* Crosswalk: An experimental implementation of the old, non-stream-based
version. See
On 2015-04-07 07:07, Nilsson, Claes1 wrote:
Hi Frederick,
The implementations I am aware of are:
* Mozilla FFOS: There is an ongoing implementation of the UDP API. See https://bugzilla.mozilla.org/show_bug.cgi?id=745283
* Crosswalk: An experimental implementation of the old,
Thanks for all replies to my mail below.
To address the security/webapp permission to use the API- issue I see the
following alternatives:
1. Keep as is: This means that the way permission is given to a webapp to
use the API is not defined by the TCP and UDP Socket API, only methods to
On 2015-04-02 09:56, Jeffrey Yasskin wrote:
It seems like a CG is appropriate for the Sockets API. It's not clear
that a browser is going to adopt it unless the Trust Permissions CG
comes up with something, but if more native platforms like Cordova and FFOS
want to coordinate on a shared
On Thu, Apr 2, 2015 at 2:40 PM, Anders Rundgren
anders.rundgren@gmail.com wrote:
Obviously we need a model where the code is vetted for
DoingTheRightThing(tm).
This is essentially about two things: trust and the capability to vet.
Both of these things cannot be solved conclusively, or
On 2015-04-02 11:46, Nilsson, Claes1 wrote:
Thanks for all replies to my mail below.
To address the “security/webapp permission to use the API”- issue I see the
following alternatives:
1. Keep as is: This means that the way permission is given to a webapp to use
the API is not defined by the
It seems like a CG is appropriate for the Sockets API. It's not clear that
a browser is going to adopt it unless the Trust Permissions CG comes up with
something, but if more native platforms like Cordova and FFOS want to
coordinate on a shared interface, a CG is a good place to iterate on that.
If
On Wed, Apr 1, 2015 at 11:22 AM, Nilsson, Claes1
claes1.nils...@sonymobile.com wrote:
A webapp could for example request permission to create a TCP connection to a
certain host.
That does not seem like an acceptable solution. Deferring this to the
user puts the user at undue risk as they
On Wed, Apr 1, 2015 at 11:22 AM, Nilsson, Claes1
claes1.nils...@sonymobile.com wrote:
Hi all,
Related to the recent mail thread about the SysApps WG and its
deliverables I would like to make a report of the status of the TCP and UDP
Socket API,
See inline.
BR
Claes
Claes Nilsson
Master Engineer - Web Research
Advanced Application Lab, Technology
Sony Mobile Communications
Tel: +46 70 55 66 878
claes1.nils...@sonymobile.com
sonymobile.com
On Wed, Apr 1, 2015 at 3:58 PM, Nilsson, Claes1
claes1.nils...@sonymobile.com wrote:
However, work is ongoing in the Web App Sec WG that may provide basis
for a security model for this API. Please read section 4,
Hi Anne,
This is a misunderstanding that probably depends on that I used the word
permission, which people associate with user permission. User permissions
are absolutely not enough to provide access to this API. However, work is
ongoing in the Web App Sec WG that may provide basis for a
This distinction between user permission and general permission is key, I think.
For example, I could naively imagine something like the browser auto-granting
permission if the requested remoteAddress is equal to the IP address of the
origin executing the API. Possibly with a pre-flight request
On Wed, Apr 1, 2015 at 4:15 PM, Domenic Denicola d...@domenic.me wrote:
For example, I could naively imagine something like the browser auto-granting
permission [...]
If there is a proposal for a security model that needs to be part of
the document. There's no way this will get interoperable
I think it's OK for different browsers to experiment with different
non-interoperable conditions under which they fulfill or reject the permissions
promise. That's already true for most permissions grants today.
On Wed, Apr 1, 2015 at 4:27 PM, Domenic Denicola d...@domenic.me wrote:
I think it's OK for different browsers to experiment with different
non-interoperable conditions under which they fulfill or reject the
permissions promise. That's already true for most permissions grants today.
It's
On 2015-04-01 16:11, Anne van Kesteren wrote:
On Wed, Apr 1, 2015 at 3:58 PM, Nilsson, Claes1
claes1.nils...@sonymobile.com wrote:
However, work is ongoing in the Web App Sec WG that may provide basis
for a security model for this API. Please read section 4,
On Wed, Apr 1, 2015 at 4:30 PM, Anne van Kesteren ann...@annevk.nl wrote:
On Wed, Apr 1, 2015 at 4:27 PM, Domenic Denicola d...@domenic.me wrote:
I think it's OK for different browsers to experiment with different
non-interoperable conditions under which they fulfill or reject the
It's a fair point, but without an origin authoritative opt-in it's not
gonna happen no matter what. Imagine say the displeasure of
awesomeEmail2000.com if through some manner of XSS exploit (say in Google
ads) suddenly millions of web-visitors connect to their email server
simultaneously...
On
From: Boris Zbarsky [mailto:bzbar...@mit.edu]
This particular example sets off alarm bells for me because of virtual hosting.
Eek! Yeah, OK, I think it's best I refrain from trying to come up with specific
examples. Let's forget I said anything...
As in, this seems like precisely the sort of
On Wed, Apr 1, 2015 at 7:03 PM, Domenic Denicola d...@domenic.me wrote:
My argument is that it's not materially different from existing permissions
APIs. Sometimes the promise is rejected, sometimes it isn't. (Note that
either outcome could happen without the user ever seeing a prompt.) The
On Wed, Apr 1, 2015 at 6:37 PM, Florian Bösch pya...@gmail.com wrote:
On Wed, Apr 1, 2015 at 6:02 PM, Jonas Sicking jo...@sicking.cc wrote:
Not saying that we can use CORS to solve this, or that we should
extend CORS to solve this. My point is that CORS works because it was
specified and
From: Jonas Sicking [mailto:jo...@sicking.cc]
I agree with Anne. What Domenic describes sounds like something similar to
CORS. I.e. a network protocol which lets a server indicate that it trusts a
given
party.
I think my point would have been stronger without the /.well-known protocol
On Wed, Apr 1, 2015 at 6:02 PM, Jonas Sicking jo...@sicking.cc wrote:
Not saying that we can use CORS to solve this, or that we should
extend CORS to solve this. My point is that CORS works because it was
specified and implemented across browsers. If we'd do something like
what Domenic
On Wed, Apr 1, 2015 at 7:03 PM, Domenic Denicola d...@domenic.me wrote:
From: Boris Zbarsky [mailto:bzbar...@mit.edu]
This particular example sets off alarm bells for me because of virtual
hosting.
Eek! Yeah, OK, I think it's best I refrain from trying to come up with
specific examples.
On Wed, Apr 1, 2015 at 9:00 PM, Anders Rundgren
anders.rundgren@gmail.com wrote:
Who would like to get something like that in their face when buying stuff
on the web?
14% of users recognize changes in content of a security prompt. An MRI scan
shows that at the second security prompt in a
On 2015-04-01 20:47, Jonas Sicking wrote:
On Wed, Apr 1, 2015 at 7:03 PM, Domenic Denicola d...@domenic.me wrote:
From: Boris Zbarsky [mailto:bzbar...@mit.edu]
This particular example sets off alarm bells for me because of virtual hosting.
Eek! Yeah, OK, I think it's best I refrain from
On 4/1/15 12:50 PM, Domenic Denicola wrote:
Do you think it's acceptable for browser to experiment with e.g. auto-granting
permission if the requested remoteAddress is equal to the IP address of the
origin executing the API?
This particular example sets off alarm bells for me because of
Oh, I should add one thing.
I think that the TCPSocket and UDPSocket APIs are great. There is a
growing number of implementations of proprietary platforms which are
heavily based on web technologies. The most well known one is Cordova.
Platforms like those were the original audience for the
Hi all. You've mistakenly cc'ed my father on this thread. Here's my address.
On Wed, Apr 1, 2015 at 2:22 AM, Nilsson, Claes1
claes1.nils...@sonymobile.com wrote:
Hi all,
Related to the recent mail thread about the SysApps WG and its
deliverables I would like to make a report of the status