On Thu, 05 May 2011 21:41:24 +0200, Bjartur Thorlacius
<svartma...@gmail.com> wrote:
On 5/5/11, Charles McCathieNevile <cha...@opera.com> wrote:
On Thu, 05 May 2011 00:12:06 +0200, Bjartur Thorlacius
<svartma...@gmail.com> wrote:
On 5/3/11, Cameron Heavon-Jones <cmhjo...@gmail.com> wrote:
There are a number of resources which are thought of having an
'application' scope which may make sense to be collated into a
single manifest and with the ability for an agent to manage it as
such.
Yeah, if a single entity edits and signs multiple resources, it's
unreasonable to trust one but not another.
If I understand correctly, I disagree. I might trust a given entity
sometimes, or with some kinds of information, without wanting to simply
say "sure whatever you want". That's probably for the "hard-to-use mode"
in the UI, but I think it's legitimate. In practice, even given
something
as simple as twitter's geolocation request I *sometimes* allow it to
know
where I am and sometimes don't.
In that case you wouldn't grant anyone a carte blanche access to your
location, but authorize or forbid each request. I meant that users
probably wouldn't want to permanently authorize http://twitter.com/A
but not http://twitter.com/.
Of course, if the site requests coordinates, it's up to the user
whether they come from /dev/gps or /dev/tty (or /n/3D Globe).
Yeah, in principle. But given that most users aren't going to symlink
/dev/gps via their hand-crafted code to decide what to say (largely
because browsers just ask Google where you are instead based on visible
Wifi) in practice the question is how to build reasonable UI that the
users actually understand.
cheers
Chaals
--
Charles McCathieNevile Opera Software, Standards Group
je parle français -- hablo español -- jeg lærer norsk
http://my.opera.com/chaals Try Opera: http://www.opera.com
