[whatwg] Proposal for a web application descriptor

Bjartur Thorlacius svartman95 at gmail.com
Thu May 5 12:41:24 PDT 2011

On 5/5/11, Charles McCathieNevile <chaals at opera.com> wrote:
> On Thu, 05 May 2011 00:12:06 +0200, Bjartur Thorlacius
> <svartman95 at gmail.com> wrote:
>> On 5/3/11, Cameron Heavon-Jones <cmhjones at gmail.com> wrote:
>>> There are a number of resources which are thought of having an
>>> 'application' scope which may make sense to be collated into a
>>> single manifest and with the ability for an agent to manage it as
>>> such.
>> Yeah, if a single entity edits and signs multiple resources, it's
>> unreasonable to trust one but not another.
> If I understand correctly, I disagree. I might trust a given entity
> sometimes, or with some kinds of information, without wanting to simply
> say "sure whatever you want". That's probably for the "hard-to-use mode"
> in the UI, but I think it's legitimate. In practice, even given something
> as simple as twitter's geolocation request I *sometimes* allow it to know
> where I am and sometimes don't.
In that case you wouldn't grant anyone a carte blanche access to your
location, but authorize or forbid each request. I meant that users
probably wouldn't want to permanently authorize http://twitter.com/A
but not http://twitter.com/.

Of course, if the site requests coordinates, it's up to the user
whether they come from /dev/gps or /dev/tty (or /n/3D Globe).

More information about the whatwg mailing list