Re: Pointer lock spec

On Wed, Apr 1, 2015 at 1:49 AM, Vincent Scheib wrote: > > You raised this point in 2011, resulting in my adding this spec section > you reference. The relevant bit being: > """ > ... a concern of specifying what units mouse movement data are provided > in. This specification defines .movementX/Y p

[W3C TCP and UDP Socket API]: Status and home for this specification

Hi all, Related to the recent mail thread about the SysApps WG and its deliverables I would like to make a report of the status of the TCP and UDP Socket API, http://www.w3.org/2012/sysapps/tcp-udp-sockets/. Note that this specification is still being worked on. Latest merged PR was March 30.

Re: [W3C TCP and UDP Socket API]: Status and home for this specification

On Wed, Apr 1, 2015 at 11:22 AM, Nilsson, Claes1 wrote: > A webapp could for example request permission to create a TCP connection to a > certain host. That does not seem like an acceptable solution. Deferring this to the user puts the user at undue risk as they cannot reason about this question

Re: [W3C TCP and UDP Socket API]: Status and home for this specification

On Wed, Apr 1, 2015 at 11:22 AM, Nilsson, Claes1 < claes1.nils...@sonymobile.com> wrote: > Hi all, > > > > Related to the recent mail thread about the SysApps WG and its > deliverables I would like to make a report of the status of the TCP and UDP > Socket API, http://www.w3.org/2012/sysapps/tcp-u

[Bug 24475] StorageQuota.supportedTypes should return a frozen Array

https://www.w3.org/Bugs/Public/show_bug.cgi?id=24475 Arthur Barstow changed: What|Removed |Added Status|NEW |RESOLVED CC|

RE: [W3C TCP and UDP Socket API]: Status and home for this specification

Hi Anne, This is a misunderstanding that probably depends on that I used the word "permission", which people associate with "user permission". User permissions are absolutely not enough to provide access to this API. However, work is ongoing in the Web App Sec WG that may provide basis for a se

RE: [W3C TCP and UDP Socket API]: Status and home for this specification

See inline. BR Claes Claes Nilsson Master Engineer - Web Research Advanced Application Lab, Technology Sony Mobile Communications Tel: +46 70 55 66 878 claes1.nils...@sonymobile.com sonymobile.com [cid:image003.png@01D06C95.

Re: [W3C TCP and UDP Socket API]: Status and home for this specification

On Wed, Apr 1, 2015 at 3:58 PM, Nilsson, Claes1 wrote: > However, work is ongoing in the Web App Sec WG that may provide basis > for a security model for this API. Please read section 4, > http://www.w3.org/2012/sysapps/tcp-udp-sockets/#security-and-privacy-considerations I don't see anything the

RE: [W3C TCP and UDP Socket API]: Status and home for this specification

This distinction between user permission and general permission is key, I think. For example, I could naively imagine something like the browser auto-granting permission if the requested remoteAddress is equal to the IP address of the origin executing the API. Possibly with a pre-flight request

Re: [W3C TCP and UDP Socket API]: Status and home for this specification

On Wed, Apr 1, 2015 at 4:15 PM, Domenic Denicola wrote: > For example, I could naively imagine something like the browser auto-granting > permission [...] If there is a proposal for a security model that needs to be part of the document. There's no way this will get interoperable without specify

RE: [W3C TCP and UDP Socket API]: Status and home for this specification

I think it's OK for different browsers to experiment with different non-interoperable conditions under which they fulfill or reject the permissions promise. That's already true for most permissions grants today.

Re: [W3C TCP and UDP Socket API]: Status and home for this specification

On Wed, Apr 1, 2015 at 4:27 PM, Domenic Denicola wrote: > I think it's OK for different browsers to experiment with different > non-interoperable conditions under which they fulfill or reject the > permissions promise. That's already true for most permissions grants today. It's true when UX is

Re: [W3C TCP and UDP Socket API]: Status and home for this specification

On 2015-04-01 16:11, Anne van Kesteren wrote: On Wed, Apr 1, 2015 at 3:58 PM, Nilsson, Claes1 wrote: However, work is ongoing in the Web App Sec WG that may provide basis for a security model for this API. Please read section 4, http://www.w3.org/2012/sysapps/tcp-udp-sockets/#security-and-priva

Re: [W3C TCP and UDP Socket API]: Status and home for this specification

On Wed, Apr 1, 2015 at 4:30 PM, Anne van Kesteren wrote: > On Wed, Apr 1, 2015 at 4:27 PM, Domenic Denicola wrote: >> I think it's OK for different browsers to experiment with different >> non-interoperable conditions under which they fulfill or reject the >> permissions promise. That's already

Re: [W3C TCP and UDP Socket API]: Status and home for this specification

On Wed, Apr 1, 2015 at 6:02 PM, Jonas Sicking wrote: > Not saying that we can use CORS to solve this, or that we should > extend CORS to solve this. My point is that CORS works because it was > specified and implemented across browsers. If we'd do something like > what Domenic proposes, I think t

Re: [W3C TCP and UDP Socket API]: Status and home for this specification

On Wed, Apr 1, 2015 at 6:37 PM, Florian Bösch wrote: > On Wed, Apr 1, 2015 at 6:02 PM, Jonas Sicking wrote: >> >> Not saying that we can use CORS to solve this, or that we should >> extend CORS to solve this. My point is that CORS works because it was >> specified and implemented across browsers.

Re: [W3C TCP and UDP Socket API]: Status and home for this specification

It's a fair point, but without an origin authoritative opt-in it's not gonna happen no matter what. Imagine say the displeasure of awesomeEmail2000.com if trough some manner of XSS exploit (say in google adds) suddenly millions of web-visitors connect to their email server simultaneously... On Wed

RE: [W3C TCP and UDP Socket API]: Status and home for this specification

From: Jonas Sicking [mailto:jo...@sicking.cc] > I agree with Anne. What Domenic describes sounds like something similar to > CORS. I.e. a network protocol which lets a server indicate that it trusts a > given > party. I think my point would have been stronger without the /.well-known protocol t

Re: [W3C TCP and UDP Socket API]: Status and home for this specification

On 4/1/15 12:50 PM, Domenic Denicola wrote: Do you think it's acceptable for browser to experiment with e.g. auto-granting permission if the requested remoteAddress is equal to the IP address of the origin executing the API? This particular example sets of alarm bells for me because of virtua

RE: [W3C TCP and UDP Socket API]: Status and home for this specification

From: Boris Zbarsky [mailto:bzbar...@mit.edu] > This particular example sets of alarm bells for me because of virtual hosting. Eek! Yeah, OK, I think it's best I refrain from trying to come up with specific examples. Let's forget I said anything... > As in, this seems like precisely the sort of

Re: [W3C TCP and UDP Socket API]: Status and home for this specification

On Wed, Apr 1, 2015 at 7:03 PM, Domenic Denicola wrote: > My argument is that it's not materially different from existing permissions > APIs. Sometimes the promise is rejected, sometimes it isn't. (Note that > either outcome could happen without the user ever seeing a prompt.) The code > works

Re: [W3C TCP and UDP Socket API]: Status and home for this specification

On Wed, Apr 1, 2015 at 7:03 PM, Domenic Denicola wrote: > From: Boris Zbarsky [mailto:bzbar...@mit.edu] > >> This particular example sets of alarm bells for me because of virtual >> hosting. > > Eek! Yeah, OK, I think it's best I refrain from trying to come up with > specific examples. Let's for

Re: [W3C TCP and UDP Socket API]: Status and home for this specification

On 2015-04-01 20:47, Jonas Sicking wrote: On Wed, Apr 1, 2015 at 7:03 PM, Domenic Denicola wrote: From: Boris Zbarsky [mailto:bzbar...@mit.edu] This particular example sets of alarm bells for me because of virtual hosting. Eek! Yeah, OK, I think it's best I refrain from trying to come up wi

Re: [W3C TCP and UDP Socket API]: Status and home for this specification

On Wed, Apr 1, 2015 at 9:00 PM, Anders Rundgren < anders.rundgren@gmail.com> wrote: > > Who would like to get something like that in their face when buying stuff > on the web? 14% of users recognize changes in content of a security prompt. An MRI scan shows that at the second security prompt

Re: [W3C TCP and UDP Socket API]: Status and home for this specification

Hi all. You've mistakenly cc'ed my father on this thread. Here's my address. On Wed, Apr 1, 2015 at 2:22 AM, Nilsson, Claes1 < claes1.nils...@sonymobile.com> wrote: > Hi all, > > > > Related to the recent mail thread about the SysApps WG and its > deliverables I would like to make a report of the

Re: [W3C TCP and UDP Socket API]: Status and home for this specification

Oh, I should add one thing. I think that the TCPSocket and UDPSocket APIs are great. There is a growing number of implementations of proprietary platforms which are heavily based on web technologies. The most well known one is Cordova. Platforms like those were the original audience for the TCP/UD

Minutes IndieUI Teleconference 1 April 2015

http://www.w3.org/2015/04/01-indie-ui-minutes.html