On Fri, Apr 26, 2013 at 2:33 PM, Ben Adida <benad...@mozilla.com> wrote:
> On 4/26/13 3:02 AM, Anne van Kesteren wrote:
>> What is origin used for? Can Persona not use object-capabilities instead?
>
> Do you mean that we should completely revamp the Persona protocol, including
> assertions to an origin and the way we present the login UI to users,
> because packaged apps don't conform with the way other web apps work?
>
> That would also mean asking OpenID and OAuth to change what they do.
>
> That seems backwards to me. Reestablishing real origins is a better path
> forward to leverage existing web architecture.

Just thinking out loud. Security researchers have raised concerns with
relying too much on origins (ever since we did CORS at least) and have
been trying to push people towards an object-capability-based world.

(It's unfortunate the web is not far enough along yet to reinvent apps
and that therefore apps have to reinvent the web.)


--
http://annevankesteren.nl/
_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform
