[whatwg] Device Element

Aryeh Gregor Simetrical+w3c at gmail.com
Sun Jan 9 10:34:26 PST 2011

On Sun, Jan 9, 2011 at 7:21 AM, Bjartur Thorlacius <svartman95 at gmail.com> wrote:
> So, OS permissions are too complex, so you figure it's best to build
> another permission system on top of the existing ones? Why?

1) OS permissions are not adequately standardized.  Every OS has its
own permissions model.  This makes portability hard, and increases the
risk of security bugs caused by the same policy being enforced
differently by different OSes.

2) Conventional OS permissions are based on the idea of protecting
different users from each other, not protecting users from their own
programs.  It's assumed that users do not run any program unless they
trust it fully.  This is not useful in the case of web apps, where the
app is a web page that we assume is totally untrusted.  OS permissions
are coming around to the idea of untrusted apps, but only slowly and
(see point 1) inconsistently.

Regardless, this point was settled well over a decade ago.  Web pages
have their own security model, on top of system permissions.  This was
true as soon as anyone implemented scripting for web pages, since web
page scripts have always been sandboxed at a lower permission level
than any full program.  There's no point in talking about it.

More information about the whatwg mailing list