.org] On
Behalf Of Aaron Boodman [...@google.com]
Sent: Saturday, November 21, 2009 9:31 AM
To: Jonas Sicking
Cc: Robin Berjon; Adam Barth; public-device-a...@w3.org; public-webapps WG
Subject: Re: File writing ponderings (was: Re: Security evaluation of an
example DAP policy)
On Sat, Nov
On Fri, Nov 20, 2009 at 8:34 AM, Robin Berjon ro...@berjon.com wrote:
On Nov 20, 2009, at 00:22 , Adam Barth wrote:
It's emails like this that make me skeptical of the security work
being done in the device APIs working group.
*sigh* I feel like a broken record. It feels like I've spent my
Starting a new thread since the other one was more of a
meta-discussion, this one has more technical meat on it.
On Fri, Nov 20, 2009 at 9:23 AM, Robin Berjon ro...@berjon.com wrote:
On Nov 20, 2009, at 17:40 , Adam Barth wrote:
On Fri, Nov 20, 2009 at 8:34 AM, Robin Berjon ro...@berjon.com
On Sat, Nov 21, 2009 at 12:26 AM, Jonas Sicking jo...@sicking.cc wrote:
Hmm.. This is a very interesting idea. Definitely worth exploring more.
What I had in mind was basically something like this:
1. An API for creating File objects by concatinating strings, Blobs,
ByteArrays (or whatever
[mailto:jo...@sicking.cc]
Sent: Friday, November 20, 2009 2:04 AM
To: Marcin Hanclik
Cc: Maciej Stachowiak; Adam Barth; Robin Berjon; public-device-a...@w3.org;
public-webapps WG
Subject: Re: Security evaluation of an example DAP policy
On Thu, Nov 19, 2009 at 4:49 PM, Marcin Hanclik
marcin.hanc
-a...@w3.org;
public-webapps WG
Subject: Re: Security evaluation of an example DAP policy
On Nov 19, 2009, at 4:23 PM, Jonas Sicking wrote:
On Thu, Nov 19, 2009 at 4:07 PM, Marcin Hanclik
marcin.hanc...@access-company.com wrote:
Hi Adam,
I think that
resource-match attr=param:name func
From: Maciej Stachowiak [...@apple.com]
Sent: Friday, November 20, 2009 1:26 AM
To: Jonas Sicking
Cc: Marcin Hanclik; Adam Barth; Robin Berjon; public-device-a...@w3.org
; public-webapps WG
Subject: Re: Security evaluation of an example DAP policy
On Nov 19, 2009, at 4:23 PM, Jonas Sicking
From: Maciej Stachowiak [...@apple.com]
Sent: Friday, November 20, 2009 1:26 AM
To: Jonas Sicking
Cc: Marcin Hanclik; Adam Barth; Robin Berjon; public-device-a...@w3.org;
public-webapps WG
Subject: Re: Security evaluation of an example DAP policy
On Nov 19, 2009, at 4:23 PM, Jonas Sicking
...@nokia.com]
Sent: Friday, November 20, 2009 3:29 PM
To: ext Jeremy Orlow
Cc: Frederick Hirsch; Marcin Hanclik; Maciej Stachowiak; Jonas
Sicking; Adam Barth; Robin Berjon; public-device-a...@w3.org; public-
webapps WG
Subject: Re: Security evaluation of an example DAP policy
Jeremy
Thanks. I
Sicking; Adam
Barth; Robin Berjon; public-device-a...@w3.org; public-webapps WG
Subject: Re: Security evaluation of an example DAP policy
Marcin
do you have any more comment on any of the following from the draft
policy requirements document?
http://dev.w3.org/2009/dap/policy-reqs/#use-cases
Example
On Nov 20, 2009, at 01:26 , Maciej Stachowiak wrote:
For what it's worth, I think any API that opened a dialog asking the
user Do you want to give website X access to directory Y in your file
system would not be an API we'd be willing to implement in firefox.
I.e. our security policy would be
On Fri, Nov 20, 2009 at 8:34 AM, Robin Berjon ro...@berjon.com wrote:
DAP will handle security at the API definition level. Full stop.
Can you elaborate on what this means concretely? For example, how is
security handled at the API definition level for the file writing API?
Adam
On Nov 20, 2009, at 17:40 , Adam Barth wrote:
On Fri, Nov 20, 2009 at 8:34 AM, Robin Berjon ro...@berjon.com wrote:
DAP will handle security at the API definition level. Full stop.
Can you elaborate on what this means concretely? For example, how is
security handled at the API definition
: 20 November 2009 15:13
To: Frederick Hirsch; ext Jeremy Orlow
Cc: Maciej Stachowiak; Jonas Sicking; Adam Barth; Robin
Berjon; public-device-a...@w3.org; public-webapps WG
Subject: RE: Security evaluation of an example DAP policy
Hi,
Reliably identified Websites can send and receive SMS
Hi Adam,
Thanks for your review!
This is what the BONDI specs need :)
I am sorry that you are skeptical and believe that with joint forces BONDI and
DAP will end up with a good solution.
If I understand this policy correctly, this would let a web site
overwrite boot.ini if the user clicks
: Maciej Stachowiak; Robin Berjon; public-device-a...@w3.org; public-webapps
WG
Subject: RE: Security evaluation of an example DAP policy
Hi Adam,
Thanks for your review!
This is what the BONDI specs need :)
I am sorry that you are skeptical and believe that with joint forces BONDI and
DAP
On Thu, Nov 19, 2009 at 4:07 PM, Marcin Hanclik
marcin.hanc...@access-company.com wrote:
Hi Adam,
I think that
resource-match attr=param:name
func=regexp/(C|c):\\(.+)\\(.+)/resource-match /
should be
resource-match attr=param:name
func=regexp/(C|c):\\([^\\]+)\\.+/resource-match /
up to
On Nov 19, 2009, at 4:00 PM, Marcin Hanclik wrote:
Hi Adam,
Thanks for your review!
This is what the BONDI specs need :)
I am sorry that you are skeptical and believe that with joint forces
BONDI and DAP will end up with a good solution.
If I understand this policy correctly, this would
On Nov 19, 2009, at 4:23 PM, Jonas Sicking wrote:
On Thu, Nov 19, 2009 at 4:07 PM, Marcin Hanclik
marcin.hanc...@access-company.com wrote:
Hi Adam,
I think that
resource-match attr=param:name func=regexp/(C|c):\\(.+)\\(.+)/
resource-match /
should be
resource-match attr=param:name
Stachowiak [...@apple.com]
Sent: Friday, November 20, 2009 1:26 AM
To: Jonas Sicking
Cc: Marcin Hanclik; Adam Barth; Robin Berjon; public-device-a...@w3.org;
public-webapps WG
Subject: Re: Security evaluation of an example DAP policy
On Nov 19, 2009, at 4:23 PM, Jonas Sicking wrote:
On Thu, Nov 19
20 matches
Mail list logo