On 02.12.2015 18:53, Robert O'Callahan wrote: > On Wed, Dec 2, 2015 at 9:37 AM, Eric Rescorla <e...@rtfm.com> wrote: > >> Are you thinking of something like WebUSB? >> (https://reillyeon.github.io/webusb/)? This is something we've looked at >> a bit but we're still trying to wrap our heads around the security >> implications. >> > > Where are we discussing that? I'd really like to see WebUSB with USB device > IDs are bound to specific origins (through a registry for legacy devices > and through the USB protocol extensions defined in that spec) so that > vendors can host apps that access their devices --- and so that vendor > pages in an <iframe> can define and vend "safe" APIs to any third-party > application. We'd finally have decentralized extensibility for Web APIs to > hardware. > > Rob >
This is an interesting architecture. I was originally thinking about allowing to list all possible devices *and* preventing fingerprinting through a chrome dialog that mediates between content and the user: The user chooses which device(s) to expose to the specific website they are on. Similar to <input type="file">. _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
