bject: Re: [W3C TCP and UDP Socket API]: Status and home for this
specification
Lastly, if there is a decision to continue to work on this API I can
remain as main editor. However, I can currently not commit to more
extensive tasks such as implementation and test cases.
Claes
Do you have inform
Device APIs Working Group;
> Domenic Denicola; slightly...@chromium.org; yass...@gmail.com
> Subject: RE: [W3C TCP and UDP Socket API]: Status and home for this
> specification
>
> Hi Frederick,
>
> The implementations I am aware of are:
>
> * Mozilla FFOS: There is a
nal Message-
> From: Frederick Hirsch [mailto:w...@fjhirsch.com]
> Sent: den 7 april 2015 13:53
> To: Nilsson, Claes1
> Cc: public-sysa...@w3.org; public-webapps; Device APIs Working Group;
> Domenic Denicola; slightly...@chromium.org; yass...@gmail.com
> Subject: Re: [W3C T
> Lastly, if there is a decision to continue to work on this API I can remain
> as main editor. However, I can currently not commit to more extensive tasks
> such as implementation and test cases.
Claes
Do you have information on W3C members committed to implementation & test cases
going forw
On 2015-04-02 09:56, Jeffrey Yasskin wrote:
It seems like a CG is appropriate for the Sockets API. It's not clear
that a browser is going to adopt it unless the Trust & Permissions CG
comes up something, but if more native platforms like Cordova and FFOS
want to coordinate on a shared interfa
It seems like a CG is appropriate for the Sockets API. It's not clear that
a browser is going to adopt it unless the Trust & Permissions CG comes up
something, but if more native platforms like Cordova and FFOS want to
coordinate on a shared interface, a CG is a good place to iterate on that.
If it
On Thu, Apr 2, 2015 at 2:40 PM, Anders Rundgren <
anders.rundgren@gmail.com> wrote:
>
> Obviously we need a model where the code is "vetted" for
> DoingTheRightThing(tm).
>
This is essentially about two things: trust and the capability to "vet".
Both of these things cannot be solved conclusive
On 2015-04-02 11:46, Nilsson, Claes1 wrote:
Thanks for all replies to my mail below.
To address the “security/webapp permission to use the API”- issue I see the
following alternatives:
1.Keep as is: This means that the way permission is given to a webapp to use
the API is not defined by the
Thanks for all replies to my mail below.
To address the "security/webapp permission to use the API"- issue I see the
following alternatives:
1. Keep as is: This means that the way permission is given to a webapp to
use the API is not defined by the TCP and UDP Socket API, only methods to
Oh, I should add one thing.
I think that the TCPSocket and UDPSocket APIs are great. There is a
growing number of implementations of proprietary platforms which are
heavily based on web technologies. The most well known one is Cordova.
Platforms like those were the original audience for the TCP/UD
Hi all. You've mistakenly cc'ed my father on this thread. Here's my address.
On Wed, Apr 1, 2015 at 2:22 AM, Nilsson, Claes1 <
claes1.nils...@sonymobile.com> wrote:
> Hi all,
>
>
>
> Related to the recent mail thread about the SysApps WG and its
> deliverables I would like to make a report of the
On Wed, Apr 1, 2015 at 9:00 PM, Anders Rundgren <
anders.rundgren@gmail.com> wrote:
>
> Who would like to get something like that in their face when buying stuff
> on the web?
14% of users recognize changes in content of a security prompt. An MRI scan
shows that at the second security prompt
On 2015-04-01 20:47, Jonas Sicking wrote:
On Wed, Apr 1, 2015 at 7:03 PM, Domenic Denicola wrote:
From: Boris Zbarsky [mailto:bzbar...@mit.edu]
This particular example sets of alarm bells for me because of virtual hosting.
Eek! Yeah, OK, I think it's best I refrain from trying to come up wi
On Wed, Apr 1, 2015 at 7:03 PM, Domenic Denicola wrote:
> From: Boris Zbarsky [mailto:bzbar...@mit.edu]
>
>> This particular example sets of alarm bells for me because of virtual
>> hosting.
>
> Eek! Yeah, OK, I think it's best I refrain from trying to come up with
> specific examples. Let's for
On Wed, Apr 1, 2015 at 7:03 PM, Domenic Denicola wrote:
> My argument is that it's not materially different from existing permissions
> APIs. Sometimes the promise is rejected, sometimes it isn't. (Note that
> either outcome could happen without the user ever seeing a prompt.) The code
> works
From: Boris Zbarsky [mailto:bzbar...@mit.edu]
> This particular example sets of alarm bells for me because of virtual hosting.
Eek! Yeah, OK, I think it's best I refrain from trying to come up with specific
examples. Let's forget I said anything...
> As in, this seems like precisely the sort of
On 4/1/15 12:50 PM, Domenic Denicola wrote:
Do you think it's acceptable for browser to experiment with e.g. auto-granting
permission if the requested remoteAddress is equal to the IP address of the
origin executing the API?
This particular example sets of alarm bells for me because of virtua
From: Jonas Sicking [mailto:jo...@sicking.cc]
> I agree with Anne. What Domenic describes sounds like something similar to
> CORS. I.e. a network protocol which lets a server indicate that it trusts a
> given
> party.
I think my point would have been stronger without the /.well-known protocol
t
It's a fair point, but without an origin authoritative opt-in it's not
gonna happen no matter what. Imagine say the displeasure of
awesomeEmail2000.com if trough some manner of XSS exploit (say in google
adds) suddenly millions of web-visitors connect to their email server
simultaneously...
On Wed
On Wed, Apr 1, 2015 at 6:37 PM, Florian Bösch wrote:
> On Wed, Apr 1, 2015 at 6:02 PM, Jonas Sicking wrote:
>>
>> Not saying that we can use CORS to solve this, or that we should
>> extend CORS to solve this. My point is that CORS works because it was
>> specified and implemented across browsers.
On Wed, Apr 1, 2015 at 6:02 PM, Jonas Sicking wrote:
> Not saying that we can use CORS to solve this, or that we should
> extend CORS to solve this. My point is that CORS works because it was
> specified and implemented across browsers. If we'd do something like
> what Domenic proposes, I think t
On Wed, Apr 1, 2015 at 4:30 PM, Anne van Kesteren wrote:
> On Wed, Apr 1, 2015 at 4:27 PM, Domenic Denicola wrote:
>> I think it's OK for different browsers to experiment with different
>> non-interoperable conditions under which they fulfill or reject the
>> permissions promise. That's already
On 2015-04-01 16:11, Anne van Kesteren wrote:
On Wed, Apr 1, 2015 at 3:58 PM, Nilsson, Claes1
wrote:
However, work is ongoing in the Web App Sec WG that may provide basis
for a security model for this API. Please read section 4,
http://www.w3.org/2012/sysapps/tcp-udp-sockets/#security-and-priva
On Wed, Apr 1, 2015 at 4:27 PM, Domenic Denicola wrote:
> I think it's OK for different browsers to experiment with different
> non-interoperable conditions under which they fulfill or reject the
> permissions promise. That's already true for most permissions grants today.
It's true when UX is
I think it's OK for different browsers to experiment with different
non-interoperable conditions under which they fulfill or reject the permissions
promise. That's already true for most permissions grants today.
On Wed, Apr 1, 2015 at 4:15 PM, Domenic Denicola wrote:
> For example, I could naively imagine something like the browser auto-granting
> permission [...]
If there is a proposal for a security model that needs to be part of
the document. There's no way this will get interoperable without
specify
@gmail.com
Subject: RE: [W3C TCP and UDP Socket API]: Status and home for this
specification
Hi Anne,
This is a misunderstanding that probably depends on that I used the word
"permission", which people associate with "user permission". User permissions
are absolutely not enough
On Wed, Apr 1, 2015 at 3:58 PM, Nilsson, Claes1
wrote:
> However, work is ongoing in the Web App Sec WG that may provide basis
> for a security model for this API. Please read section 4,
> http://www.w3.org/2012/sysapps/tcp-udp-sockets/#security-and-privacy-considerations
I don't see anything the
image003.png@01D06C95.57D61840]
From: Florian Bösch [mailto:pya...@gmail.com]
Sent: den 1 april 2015 12:06
To: Nilsson, Claes1
Cc: public-sysa...@w3.org; public-webapps; Device APIs Working Group; Domenic
Denicola; slightly...@chromium.org; yass...@gmail.com
Subject: Re: [W3C TCP and UDP Socket API]: Sta
e van Kesteren [mailto:ann...@annevk.nl]
> Sent: den 1 april 2015 11:58
> To: Nilsson, Claes1
> Cc: public-sysa...@w3.org; public-webapps; Device APIs Working Group;
> Domenic Denicola; slightly...@chromium.org; yass...@gmail.com
> Subject: Re: [W3C TCP and UDP Socket API]: Status and home
On Wed, Apr 1, 2015 at 11:22 AM, Nilsson, Claes1 <
claes1.nils...@sonymobile.com> wrote:
> Hi all,
>
>
>
> Related to the recent mail thread about the SysApps WG and its
> deliverables I would like to make a report of the status of the TCP and UDP
> Socket API, http://www.w3.org/2012/sysapps/tcp-u
On Wed, Apr 1, 2015 at 11:22 AM, Nilsson, Claes1
wrote:
> A webapp could for example request permission to create a TCP connection to a
> certain host.
That does not seem like an acceptable solution. Deferring this to the
user puts the user at undue risk as they cannot reason about this
question
32 matches
Mail list logo