On 4/17/2012 3:43 PM, Maire Reavy wrote: > > It feels like we are designing most of the chrome UX/UI for this feature on > this thread -- instead of just calling out > the security requirements for a UX/UI design of the chrome. If we are > designing the UX/UI on this thread, then we need > to get the UX/UI people (people like Boriss) involved. > > We definitely need to design the chrome UX/UI piece of the app, including > mock ups. I just thought that was a separate > thread/meeting that happened after we got the security requirements from this > thread. > > What am I missing or misunderstanding? Or is the entire design happening now > and therefore I should be pinging the > UX/UI people to get on this thread ASAP?
We are designing the security model for these APIs, which has potential implications for the app use cases and UX. Nobody is proposing a particular button design here, but the question of which mechanism we use is integral to the security model. We are having this discussion on the webapps list specifically because we need the broader perspective (outside of just security) to ensure we understand the inherent tradeoffs in the various proposals. Thanks! Lucas. _______________________________________________ dev-security mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security
