On Friday 2015-01-30 11:14 +0100, Anne van Kesteren wrote:
> On Fri, Jan 30, 2015 at 7:32 AM, L. David Baron <dba...@dbaron.org> wrote:
> > I'm particularly interested in review of point (3) in what I've written;
> > I feel that the argument I've written so far is weak, I think because I
> > don't particularly understand the concerns about the powerfulfeatures
> > draft.
> 
> So for what it's worth, I think I'm in disagreement with Eric about
> what WebAppSec's role should/could be. Groups at the W3C that go at it
> alone often make questionable choices when it comes to a number of
> things that are not their expertise so having some amount of informal
> oversight is definitely warranted. And the group of people that make
> up WebAppSec definitely appears to have the competence.
> 
> I don't really see where else "powerful features" would go and we do
> need it. (Now permissions API is another matter as that requires UX
> expertise.)

My understanding is that the objections to powerfulfeatures are over
the possibility of powerfulfeatures defining what is and isn't a
powerful feature, because that should be decided primarily by the
group developing the feature.

Is that the part you think is important, or is the part that you
think is important the part that defines algorithms for whether a
context/origin is sufficiently secure or trustworthy?

-David

-- 
𝄞   L. David Baron                         http://dbaron.org/   𝄂
𝄢   Mozilla                          https://www.mozilla.org/   𝄂
             Before I built a wall I'd ask to know
             What I was walling in or walling out,
             And to whom I was like to give offense.
               - Robert Frost, Mending Wall (1914)

Attachment: signature.asc
Description: Digital signature

_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform

Reply via email to