WebAPI: Difference between revisions

WebAPI (view source)

308 bytes added , 13 November 2015

→‎Security: suggest solution to the conundrum about "better solutions" for exposing sensitive information to web content

Confirmed users

236

edits

@@ Line 560: / Line 560: @@
 Security will be a central aspect of all the APIs that we design. We wouldn't want any random webpage to be able to read the user's contact list, or able to issue arbitrary commands to any USB device which is hooked up to the user's computer.
-In some cases the solution will be to simply ask the user, like we do today for Geolocation for example. In other cases, where security implications are scarier or where describing the risk to the user is harder, we'll have to come up with better solutions.
+In some cases the solution will be to simply ask the user, like we do today for Geolocation for example. In other cases, where security implications are scarier or where describing the risk to the user is harder, we'll have to come up with better solutions. For example, enumerating sensitive information or exposing device specific configuration to the web can be avoided by implementing dialogs (like the file picker for <input type=file>). Those can be implemented in the platform and ask the user which information to expose to the current website specifically.
 This is an area where we're still doing a lot of research. I really want to emphasize that we don't have all the answers yet, but that we plan on having them before we roll out these APIs to millions of users.