> There is still an open question on how a permissions manager should > respond in the event of a DENIED permission. One suggestion is to not > error out but return some default/safe value e.g. no contacts if an > app is not granted Contacts information. A concern of this proposal > is that an app may continue to poll for a permission until it is > granted or an app may pop up a dialog to have the user grant the > permission.
I don't understand this. Can you give a concrete example of what the problem is here, for example with the current geolocation API? All of our APIs are async, so there's no polling involved, as far as I understand. > ----- Original Message ----- >> From: "Jim Straus" <[email protected]> >> To: "Jonas Sicking" <[email protected]> >> Cc: [email protected], [email protected], >> [email protected], "mozilla dev webapps" >> <[email protected]>, "Mozilla B2G mailing list" >> <[email protected]> >> Sent: Tuesday, March 13, 2012 1:09:06 PM >> Subject: Re: [b2g] OpenWebApps/B2G Security model >> >> Hello all - >> I've been sketching out an implementation of permissions. I've >> laid out some code framework, but wanted to through tis out for >> validation. Assumptions: that B2G/Firefox will have separate >> processes for each app/tab. This is already declared to be true >> (but not implemented) for B2G. This proposal doesn't required ipc >> , but I believe we need to support it. Also note that this should >> be able to replace the existing Permission and PermissionManager >> in gecko. > _______________________________________________ > dev-b2g mailing list > [email protected] > https://lists.mozilla.org/listinfo/dev-b2g _______________________________________________ dev-security mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security
