On Wed, Apr 1, 2015 at 1:49 AM, Vincent Scheib sch...@google.com wrote:
You raised this point in 2011, resulting in my adding this spec section
you reference. The relevant bit being:
... a concern of specifying what units mouse movement data are provided
in. This specification defines
On Wed, Apr 1, 2015 at 11:22 AM, Nilsson, Claes1
claes1.nils...@sonymobile.com wrote:
A webapp could for example request permission to create a TCP connection to a
certain host.
That does not seem like an acceptable solution. Deferring this to the
user puts the user at undue risk as they
Hi all,
Related to the recent mail thread about the SysApps WG and its deliverables I
would like to make a report of the status of the TCP and UDP Socket API,
http://www.w3.org/2012/sysapps/tcp-udp-sockets/.
Note that this specification is still being worked on. Latest merged PR was
March 30.
On Wed, Apr 1, 2015 at 11:22 AM, Nilsson, Claes1
claes1.nils...@sonymobile.com wrote:
Hi all,
Related to the recent mail thread about the SysApps WG and its
deliverables I would like to make a report of the status of the TCP and UDP
Socket API,
https://www.w3.org/Bugs/Public/show_bug.cgi?id=24475
Arthur Barstow art.bars...@gmail.com changed:
What|Removed |Added
Status|NEW |RESOLVED
See inline.
BR
Claes
Claes Nilsson
Master Engineer - Web Research
Advanced Application Lab, Technology
Sony Mobile Communications
Tel: +46 70 55 66 878
claes1.nils...@sonymobile.commailto:firstname.lastn...@sonymobile.com
sonymobile.comhttp://sonymobile.com/
On Wed, Apr 1, 2015 at 3:58 PM, Nilsson, Claes1
claes1.nils...@sonymobile.com wrote:
However, work is ongoing in the Web App Sec WG that may provide basis
for a security model for this API. Please read section 4,
Hi Anne,
This is a misunderstanding that probably depends on that I used the word
permission, which people associate with user permission. User permissions
are absolutely not enough to provide access to this API. However, work is
ongoing in the Web App Sec WG that may provide basis for a
This distinction between user permission and general permission is key, I think.
For example, I could naively imagine something like the browser auto-granting
permission if the requested remoteAddress is equal to the IP address of the
origin executing the API. Possibly with a pre-flight request
On Wed, Apr 1, 2015 at 4:15 PM, Domenic Denicola d...@domenic.me wrote:
For example, I could naively imagine something like the browser auto-granting
permission [...]
If there is a proposal for a security model that needs to be part of
the document. There's no way this will get interoperable
I think it's OK for different browsers to experiment with different
non-interoperable conditions under which they fulfill or reject the permissions
promise. That's already true for most permissions grants today.
On Wed, Apr 1, 2015 at 4:27 PM, Domenic Denicola d...@domenic.me wrote:
I think it's OK for different browsers to experiment with different
non-interoperable conditions under which they fulfill or reject the
permissions promise. That's already true for most permissions grants today.
It's
On 2015-04-01 16:11, Anne van Kesteren wrote:
On Wed, Apr 1, 2015 at 3:58 PM, Nilsson, Claes1
claes1.nils...@sonymobile.com wrote:
However, work is ongoing in the Web App Sec WG that may provide basis
for a security model for this API. Please read section 4,
On Wed, Apr 1, 2015 at 4:30 PM, Anne van Kesteren ann...@annevk.nl wrote:
On Wed, Apr 1, 2015 at 4:27 PM, Domenic Denicola d...@domenic.me wrote:
I think it's OK for different browsers to experiment with different
non-interoperable conditions under which they fulfill or reject the
It's a fair point, but without an origin authoritative opt-in it's not
gonna happen no matter what. Imagine say the displeasure of
awesomeEmail2000.com if trough some manner of XSS exploit (say in google
adds) suddenly millions of web-visitors connect to their email server
simultaneously...
On
From: Boris Zbarsky [mailto:bzbar...@mit.edu]
This particular example sets of alarm bells for me because of virtual hosting.
Eek! Yeah, OK, I think it's best I refrain from trying to come up with specific
examples. Let's forget I said anything...
As in, this seems like precisely the sort of
On Wed, Apr 1, 2015 at 7:03 PM, Domenic Denicola d...@domenic.me wrote:
My argument is that it's not materially different from existing permissions
APIs. Sometimes the promise is rejected, sometimes it isn't. (Note that
either outcome could happen without the user ever seeing a prompt.) The
On Wed, Apr 1, 2015 at 6:37 PM, Florian Bösch pya...@gmail.com wrote:
On Wed, Apr 1, 2015 at 6:02 PM, Jonas Sicking jo...@sicking.cc wrote:
Not saying that we can use CORS to solve this, or that we should
extend CORS to solve this. My point is that CORS works because it was
specified and
From: Jonas Sicking [mailto:jo...@sicking.cc]
I agree with Anne. What Domenic describes sounds like something similar to
CORS. I.e. a network protocol which lets a server indicate that it trusts a
given
party.
I think my point would have been stronger without the /.well-known protocol
On Wed, Apr 1, 2015 at 6:02 PM, Jonas Sicking jo...@sicking.cc wrote:
Not saying that we can use CORS to solve this, or that we should
extend CORS to solve this. My point is that CORS works because it was
specified and implemented across browsers. If we'd do something like
what Domenic
On Wed, Apr 1, 2015 at 7:03 PM, Domenic Denicola d...@domenic.me wrote:
From: Boris Zbarsky [mailto:bzbar...@mit.edu]
This particular example sets of alarm bells for me because of virtual
hosting.
Eek! Yeah, OK, I think it's best I refrain from trying to come up with
specific examples.
On Wed, Apr 1, 2015 at 9:00 PM, Anders Rundgren
anders.rundgren@gmail.com wrote:
Who would like to get something like that in their face when buying stuff
on the web?
14% of users recognize changes in content of a security prompt. An MRI scan
shows that at the second security prompt in a
On 2015-04-01 20:47, Jonas Sicking wrote:
On Wed, Apr 1, 2015 at 7:03 PM, Domenic Denicola d...@domenic.me wrote:
From: Boris Zbarsky [mailto:bzbar...@mit.edu]
This particular example sets of alarm bells for me because of virtual hosting.
Eek! Yeah, OK, I think it's best I refrain from
On 4/1/15 12:50 PM, Domenic Denicola wrote:
Do you think it's acceptable for browser to experiment with e.g. auto-granting
permission if the requested remoteAddress is equal to the IP address of the
origin executing the API?
This particular example sets of alarm bells for me because of
Oh, I should add one thing.
I think that the TCPSocket and UDPSocket APIs are great. There is a
growing number of implementations of proprietary platforms which are
heavily based on web technologies. The most well known one is Cordova.
Platforms like those were the original audience for the
Hi all. You've mistakenly cc'ed my father on this thread. Here's my address.
On Wed, Apr 1, 2015 at 2:22 AM, Nilsson, Claes1
claes1.nils...@sonymobile.com wrote:
Hi all,
Related to the recent mail thread about the SysApps WG and its
deliverables I would like to make a report of the status
http://www.w3.org/2015/04/01-indie-ui-minutes.html
27 matches
Mail list logo
