The basic security model I am thinking of right now is to ask the user explicitly. When a website try to open a serial port the user will be promoted asking for permissions. This will happen for any different port and any different website. The only case not to raise a prompt would be when a website tries to reopen an previously opened port, since permissions have already been granted. I would suggest no white list or remember option to be offered.
-Alex On Sun, Jul 13, 2014 at 12:22 AM, Jonas Sicking <jo...@sicking.cc> wrote: > What's the security model for this API? > > / Jonas > > On Sat, Jul 12, 2014 at 11:58 AM, Alexandros Chronopoulos > <achro...@gmail.com> wrote: >> Summary: Webapi to access serial devices through browser. The api will >> provide, to websites, read and write capability from local serial port >> through javascript. Such an implementation will connect web with >> physical devices such as micro controllers, 3d printers etc. >> >> Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=926940 >> >> Link to standard: https://whatwg.github.io/serial/ >> >> Platform coverage: Desktop focusing on Windows/Mac/Linux. Android is >> also possible. >> >> Target release: ? >> >> Preference behind which this will be implemented: Access permission >> will be given similar to geolocation api. >> >> -Alex >> _______________________________________________ >> dev-platform mailing list >> dev-platform@lists.mozilla.org >> https://lists.mozilla.org/listinfo/dev-platform _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
