update extensions framework to include interfacing with user agent permissions framework #133
Comments
|
see also #208 |
|
@equalsJeffH is there anything left to do for this issue? If so, are the concrete proposed changes? If not, we should close this one. |
|
@equalsJeffH , @selfissued Can we close this one since Mike has redone the extension section ? |
|
@AngeloKai has asserted that interfacing with the permissions framework is not applicable for webauthn in this context, and AFAIK we've just accepted that, so closing this. tho, if someone disagrees please cite appropriate specs etc. |
|
I feel like this should be addressed - it seems like a mistake to allow websites to get geolocation information without the user being notified. Here's a quick and dirty draft:
|
|
reopening due to #133 (comment) |
|
It seems that having the geoloc extension check the permissions framework is a resonable thing since geoloc is a defined permision in: https://w3c.github.io/permissions/#permission-registry |
|
Wouldn't the client (UA) check the permissions framework, rather than the extension implementation itself? Since the client can choose to drop extensions, it can use the permissions framework as part of the criteria in determining whether to drop or not. |
|
@gmandyam |
|
I agree that the client platform should do this check - not the extension |
|
@gmandyam will create PR |
|
@gmandyam can you please create the PR today or tomorrow morning so we can review it during the FIDO 2.0 meeting tomorrow? Thanks. |
|
Addressed through #771 |
|
Can this be closed now that #771 has been merged? |
update extensions framework to include interfacing with user agent permissions framework
The text was updated successfully, but these errors were encountered: