Its a comfortable notion that an origin == application, but the reality is that a single site can host multiple applications, and that an individual application can span multiple origins.
We can probably do better than imposing the origin == application model on everybody. The only organizing principles we have for web permission granting are at the page level or at the origin level. Neither of these is particularly satisfying. I think end users would like to see things in terms of "applications". The web provides no means of identifying which pages/origins should be considered part of an application. If there was a sense of "application'ness", we could apply permissions to them... which is a desirable goal i think. So how to establish a sense of application'ness? <html application = urlToAppIdentifyingFile> If a page that doesn't identify itself start requesting permissions... fallback on the origin = application model. _______________________________________________ webkit-dev mailing list [email protected] http://lists.webkit.org/mailman/listinfo.cgi/webkit-dev
