- From: Dominique Hazael-Massieux <dom@w3.org>
- Date: Wed, 20 Oct 2010 18:40:24 +0200
- To: Niklas Widell <niklas.widell@ericsson.com>
- Cc: "'public-device-apis@w3.org'" <public-device-apis@w3.org>
Le mercredi 20 octobre 2010 à 17:38 +0200, Niklas Widell a écrit :
> Looking at the Prague minutes I think the discussion in Prague which
> resulted in ACTION-132 had a subtle difference to the "proposal" here.
> ACTION-132 is about looking into assisting developers with event
> filtering, while the "proposal" here is to filter which messages the
> app is actually is allowed to see.
To clarify, one of the things that were mentioned in Prague was that the
subscription to events should require a filtering argument, e.g.:
var myEmailListener =
navigator.device.messaging.onIncomingEmail({from:"dom@w3.org"},
callback);
If left empty, the app would receive nothing. Of course, there should
probably be some form of wildcards available, but the idea is that in an
interactive context, the user would be able to accept or refuse that
filtering, and maybe even tweak it (e.g. the app requests access to
everything, but the user only allows access to message from a specific
address).
I can see why it would be interesting to bring that to installation time
rather than execution time, but as a user, I'm not sure I would
necessarily find the experience adequate (also, it wouldn't be mappable
in most existing systems). But I'm certainly not opposed to explore that
path either.
In any case, I think the first step is to try to capture these
discussions (and the others that we have had on the scope of messaging
in trusted/untrusted environments) as part of the security
considerations of the draft spec...
Dom
Received on Wednesday, 20 October 2010 16:40:44 UTC