Confirmed users
236
edits
(Add implementation status for Presentation API) |
(→Security: suggest solution to the conundrum about "better solutions" for exposing sensitive information to web content) |
||
Line 560: | Line 560: | ||
Security will be a central aspect of all the APIs that we design. We wouldn't want any random webpage to be able to read the user's contact list, or able to issue arbitrary commands to any USB device which is hooked up to the user's computer. | Security will be a central aspect of all the APIs that we design. We wouldn't want any random webpage to be able to read the user's contact list, or able to issue arbitrary commands to any USB device which is hooked up to the user's computer. | ||
In some cases the solution will be to simply ask the user, like we do today for Geolocation for example. In other cases, where security implications are scarier or where describing the risk to the user is harder, we'll have to come up with better solutions. | In some cases the solution will be to simply ask the user, like we do today for Geolocation for example. In other cases, where security implications are scarier or where describing the risk to the user is harder, we'll have to come up with better solutions. For example, enumerating sensitive information or exposing device specific configuration to the web can be avoided by implementing dialogs (like the file picker for <input type=file>). Those can be implemented in the platform and ask the user which information to expose to the current website specifically. | ||
This is an area where we're still doing a lot of research. I really want to emphasize that we don't have all the answers yet, but that we plan on having them before we roll out these APIs to millions of users. | This is an area where we're still doing a lot of research. I really want to emphasize that we don't have all the answers yet, but that we plan on having them before we roll out these APIs to millions of users. |