Re: [W3C TCP and UDP Socket API]: Status and home for this specification

2015-04-07 Thread Wayne Carr
bject: Re: [W3C TCP and UDP Socket API]: Status and home for this specification Lastly, if there is a decision to continue to work on this API I can remain as main editor. However, I can currently not commit to more extensive tasks such as implementation and test cases. Claes Do you have inform

RE: [W3C TCP and UDP Socket API]: Status and home for this specification

2015-04-07 Thread Nilsson, Claes1
Device APIs Working Group; > Domenic Denicola; slightly...@chromium.org; yass...@gmail.com > Subject: RE: [W3C TCP and UDP Socket API]: Status and home for this > specification > > Hi Frederick, > > The implementations I am aware of are: > > * Mozilla FFOS: There is a

RE: [W3C TCP and UDP Socket API]: Status and home for this specification

2015-04-07 Thread Nilsson, Claes1
nal Message- > From: Frederick Hirsch [mailto:w...@fjhirsch.com] > Sent: den 7 april 2015 13:53 > To: Nilsson, Claes1 > Cc: public-sysa...@w3.org; public-webapps; Device APIs Working Group; > Domenic Denicola; slightly...@chromium.org; yass...@gmail.com > Subject: Re: [W3C T

Re: [W3C TCP and UDP Socket API]: Status and home for this specification

2015-04-07 Thread Frederick Hirsch
> Lastly, if there is a decision to continue to work on this API I can remain > as main editor. However, I can currently not commit to more extensive tasks > such as implementation and test cases. Claes Do you have information on W3C members committed to implementation & test cases going forw

Re: [W3C TCP and UDP Socket API]: Status and home for this specification

2015-04-02 Thread Wayne Carr
On 2015-04-02 09:56, Jeffrey Yasskin wrote: It seems like a CG is appropriate for the Sockets API. It's not clear that a browser is going to adopt it unless the Trust & Permissions CG comes up something, but if more native platforms like Cordova and FFOS want to coordinate on a shared interfa

Re: [W3C TCP and UDP Socket API]: Status and home for this specification

2015-04-02 Thread Jeffrey Yasskin
It seems like a CG is appropriate for the Sockets API. It's not clear that a browser is going to adopt it unless the Trust & Permissions CG comes up something, but if more native platforms like Cordova and FFOS want to coordinate on a shared interface, a CG is a good place to iterate on that. If it

Re: [W3C TCP and UDP Socket API]: Status and home for this specification

2015-04-02 Thread Florian Bösch
On Thu, Apr 2, 2015 at 2:40 PM, Anders Rundgren < anders.rundgren@gmail.com> wrote: > > Obviously we need a model where the code is "vetted" for > DoingTheRightThing(tm). > This is essentially about two things: trust and the capability to "vet". Both of these things cannot be solved conclusive

Re: [W3C TCP and UDP Socket API]: Status and home for this specification

2015-04-02 Thread Anders Rundgren
On 2015-04-02 11:46, Nilsson, Claes1 wrote: Thanks for all replies to my mail below. To address the “security/webapp permission to use the API”- issue I see the following alternatives: 1.Keep as is: This means that the way permission is given to a webapp to use the API is not defined by the

RE: [W3C TCP and UDP Socket API]: Status and home for this specification

2015-04-02 Thread Nilsson, Claes1
Thanks for all replies to my mail below. To address the "security/webapp permission to use the API"- issue I see the following alternatives: 1. Keep as is: This means that the way permission is given to a webapp to use the API is not defined by the TCP and UDP Socket API, only methods to

Re: [W3C TCP and UDP Socket API]: Status and home for this specification

2015-04-01 Thread Jonas Sicking
Oh, I should add one thing. I think that the TCPSocket and UDPSocket APIs are great. There is a growing number of implementations of proprietary platforms which are heavily based on web technologies. The most well known one is Cordova. Platforms like those were the original audience for the TCP/UD

Re: [W3C TCP and UDP Socket API]: Status and home for this specification

2015-04-01 Thread Jeffrey Yasskin
Hi all. You've mistakenly cc'ed my father on this thread. Here's my address. On Wed, Apr 1, 2015 at 2:22 AM, Nilsson, Claes1 < claes1.nils...@sonymobile.com> wrote: > Hi all, > > > > Related to the recent mail thread about the SysApps WG and its > deliverables I would like to make a report of the

Re: [W3C TCP and UDP Socket API]: Status and home for this specification

2015-04-01 Thread Florian Bösch
On Wed, Apr 1, 2015 at 9:00 PM, Anders Rundgren < anders.rundgren@gmail.com> wrote: > > Who would like to get something like that in their face when buying stuff > on the web? 14% of users recognize changes in content of a security prompt. An MRI scan shows that at the second security prompt

Re: [W3C TCP and UDP Socket API]: Status and home for this specification

2015-04-01 Thread Anders Rundgren
On 2015-04-01 20:47, Jonas Sicking wrote: On Wed, Apr 1, 2015 at 7:03 PM, Domenic Denicola wrote: From: Boris Zbarsky [mailto:bzbar...@mit.edu] This particular example sets of alarm bells for me because of virtual hosting. Eek! Yeah, OK, I think it's best I refrain from trying to come up wi

Re: [W3C TCP and UDP Socket API]: Status and home for this specification

2015-04-01 Thread Jonas Sicking
On Wed, Apr 1, 2015 at 7:03 PM, Domenic Denicola wrote: > From: Boris Zbarsky [mailto:bzbar...@mit.edu] > >> This particular example sets of alarm bells for me because of virtual >> hosting. > > Eek! Yeah, OK, I think it's best I refrain from trying to come up with > specific examples. Let's for

Re: [W3C TCP and UDP Socket API]: Status and home for this specification

2015-04-01 Thread Anne van Kesteren
On Wed, Apr 1, 2015 at 7:03 PM, Domenic Denicola wrote: > My argument is that it's not materially different from existing permissions > APIs. Sometimes the promise is rejected, sometimes it isn't. (Note that > either outcome could happen without the user ever seeing a prompt.) The code > works

RE: [W3C TCP and UDP Socket API]: Status and home for this specification

2015-04-01 Thread Domenic Denicola
From: Boris Zbarsky [mailto:bzbar...@mit.edu] > This particular example sets of alarm bells for me because of virtual hosting. Eek! Yeah, OK, I think it's best I refrain from trying to come up with specific examples. Let's forget I said anything... > As in, this seems like precisely the sort of

Re: [W3C TCP and UDP Socket API]: Status and home for this specification

2015-04-01 Thread Boris Zbarsky
On 4/1/15 12:50 PM, Domenic Denicola wrote: Do you think it's acceptable for browser to experiment with e.g. auto-granting permission if the requested remoteAddress is equal to the IP address of the origin executing the API? This particular example sets of alarm bells for me because of virtua

RE: [W3C TCP and UDP Socket API]: Status and home for this specification

2015-04-01 Thread Domenic Denicola
From: Jonas Sicking [mailto:jo...@sicking.cc] > I agree with Anne. What Domenic describes sounds like something similar to > CORS. I.e. a network protocol which lets a server indicate that it trusts a > given > party. I think my point would have been stronger without the /.well-known protocol t

Re: [W3C TCP and UDP Socket API]: Status and home for this specification

2015-04-01 Thread Florian Bösch
It's a fair point, but without an origin authoritative opt-in it's not gonna happen no matter what. Imagine say the displeasure of awesomeEmail2000.com if trough some manner of XSS exploit (say in google adds) suddenly millions of web-visitors connect to their email server simultaneously... On Wed

Re: [W3C TCP and UDP Socket API]: Status and home for this specification

2015-04-01 Thread Jonas Sicking
On Wed, Apr 1, 2015 at 6:37 PM, Florian Bösch wrote: > On Wed, Apr 1, 2015 at 6:02 PM, Jonas Sicking wrote: >> >> Not saying that we can use CORS to solve this, or that we should >> extend CORS to solve this. My point is that CORS works because it was >> specified and implemented across browsers.

Re: [W3C TCP and UDP Socket API]: Status and home for this specification

2015-04-01 Thread Florian Bösch
On Wed, Apr 1, 2015 at 6:02 PM, Jonas Sicking wrote: > Not saying that we can use CORS to solve this, or that we should > extend CORS to solve this. My point is that CORS works because it was > specified and implemented across browsers. If we'd do something like > what Domenic proposes, I think t

Re: [W3C TCP and UDP Socket API]: Status and home for this specification

2015-04-01 Thread Jonas Sicking
On Wed, Apr 1, 2015 at 4:30 PM, Anne van Kesteren wrote: > On Wed, Apr 1, 2015 at 4:27 PM, Domenic Denicola wrote: >> I think it's OK for different browsers to experiment with different >> non-interoperable conditions under which they fulfill or reject the >> permissions promise. That's already

Re: [W3C TCP and UDP Socket API]: Status and home for this specification

2015-04-01 Thread Anders Rundgren
On 2015-04-01 16:11, Anne van Kesteren wrote: On Wed, Apr 1, 2015 at 3:58 PM, Nilsson, Claes1 wrote: However, work is ongoing in the Web App Sec WG that may provide basis for a security model for this API. Please read section 4, http://www.w3.org/2012/sysapps/tcp-udp-sockets/#security-and-priva

Re: [W3C TCP and UDP Socket API]: Status and home for this specification

2015-04-01 Thread Anne van Kesteren
On Wed, Apr 1, 2015 at 4:27 PM, Domenic Denicola wrote: > I think it's OK for different browsers to experiment with different > non-interoperable conditions under which they fulfill or reject the > permissions promise. That's already true for most permissions grants today. It's true when UX is

RE: [W3C TCP and UDP Socket API]: Status and home for this specification

2015-04-01 Thread Domenic Denicola
I think it's OK for different browsers to experiment with different non-interoperable conditions under which they fulfill or reject the permissions promise. That's already true for most permissions grants today.

Re: [W3C TCP and UDP Socket API]: Status and home for this specification

2015-04-01 Thread Anne van Kesteren
On Wed, Apr 1, 2015 at 4:15 PM, Domenic Denicola wrote: > For example, I could naively imagine something like the browser auto-granting > permission [...] If there is a proposal for a security model that needs to be part of the document. There's no way this will get interoperable without specify

RE: [W3C TCP and UDP Socket API]: Status and home for this specification

2015-04-01 Thread Domenic Denicola
@gmail.com Subject: RE: [W3C TCP and UDP Socket API]: Status and home for this specification Hi Anne, This is a misunderstanding that probably depends on that I used the word "permission", which people associate with "user permission". User permissions are absolutely not enough

Re: [W3C TCP and UDP Socket API]: Status and home for this specification

2015-04-01 Thread Anne van Kesteren
On Wed, Apr 1, 2015 at 3:58 PM, Nilsson, Claes1 wrote: > However, work is ongoing in the Web App Sec WG that may provide basis > for a security model for this API. Please read section 4, > http://www.w3.org/2012/sysapps/tcp-udp-sockets/#security-and-privacy-considerations I don't see anything the

RE: [W3C TCP and UDP Socket API]: Status and home for this specification

2015-04-01 Thread Nilsson, Claes1
image003.png@01D06C95.57D61840] From: Florian Bösch [mailto:pya...@gmail.com] Sent: den 1 april 2015 12:06 To: Nilsson, Claes1 Cc: public-sysa...@w3.org; public-webapps; Device APIs Working Group; Domenic Denicola; slightly...@chromium.org; yass...@gmail.com Subject: Re: [W3C TCP and UDP Socket API]: Sta

RE: [W3C TCP and UDP Socket API]: Status and home for this specification

2015-04-01 Thread Nilsson, Claes1
e van Kesteren [mailto:ann...@annevk.nl] > Sent: den 1 april 2015 11:58 > To: Nilsson, Claes1 > Cc: public-sysa...@w3.org; public-webapps; Device APIs Working Group; > Domenic Denicola; slightly...@chromium.org; yass...@gmail.com > Subject: Re: [W3C TCP and UDP Socket API]: Status and home

Re: [W3C TCP and UDP Socket API]: Status and home for this specification

2015-04-01 Thread Florian Bösch
On Wed, Apr 1, 2015 at 11:22 AM, Nilsson, Claes1 < claes1.nils...@sonymobile.com> wrote: > Hi all, > > > > Related to the recent mail thread about the SysApps WG and its > deliverables I would like to make a report of the status of the TCP and UDP > Socket API, http://www.w3.org/2012/sysapps/tcp-u

Re: [W3C TCP and UDP Socket API]: Status and home for this specification

2015-04-01 Thread Anne van Kesteren
On Wed, Apr 1, 2015 at 11:22 AM, Nilsson, Claes1 wrote: > A webapp could for example request permission to create a TCP connection to a > certain host. That does not seem like an acceptable solution. Deferring this to the user puts the user at undue risk as they cannot reason about this question