On Fri, Jan 30, 2015 at 3:15 PM, L. David Baron <dba...@dbaron.org> wrote:
> On Friday 2015-01-30 11:14 +0100, Anne van Kesteren wrote: > > On Fri, Jan 30, 2015 at 7:32 AM, L. David Baron <dba...@dbaron.org> > wrote: > > > I'm particularly interested in review of point (3) in what I've > written; > > > I feel that the argument I've written so far is weak, I think because I > > > don't particularly understand the concerns about the powerfulfeatures > > > draft. > > > > So for what it's worth, I think I'm in disagreement with Eric about > > what WebAppSec's role should/could be. Groups at the W3C that go at it > > alone often make questionable choices when it comes to a number of > > things that are not their expertise so having some amount of informal > > oversight is definitely warranted. And the group of people that make > > up WebAppSec definitely appears to have the competence. > > > > I don't really see where else "powerful features" would go and we do > > need it. (Now permissions API is another matter as that requires UX > > expertise.) > > My understanding is that the objections to powerfulfeatures are over > the possibility of powerfulfeatures defining what is and isn't a > powerful feature, because that should be decided primarily by the > group developing the feature. > That and the attempt by WebAppSec to mandate particular comsec treatment for said features. Is that the part you think is important, or is the part that you > think is important the part that defines algorithms for whether a > context/origin is sufficiently secure or trustworthy? I'm fine with a taxonomy of the security level of contexts/origins. -Ekr > > -David > > -- > 𝄞 L. David Baron http://dbaron.org/ 𝄂 > 𝄢 Mozilla https://www.mozilla.org/ 𝄂 > Before I built a wall I'd ask to know > What I was walling in or walling out, > And to whom I was like to give offense. > - Robert Frost, Mending Wall (1914) > > _______________________________________________ > dev-platform mailing list > dev-platform@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-platform > > _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform