On Wed, Dec 2, 2015 at 2:13 PM, Robert O'Callahan <rob...@ocallahan.org> wrote:
> 1) What I suggested: Whitelist vendor origins for access to their devices
> and have vendor-hosted pages ("Web drivers"?) expose "safe" API to
> third-party applications.
> 2) Design a permissions API that one way or another lets users authorize
> access to USB devices by third-party applications.
> 3) Wrap USB devices in Web-exposed believed-to-be-safe standardized APIs
> built into browsers.

There's also

4) Design a new USB protocol which enables USB devices to indicate
that they are "web safe" and which lets the USB device know which
website is talking to it. Then let the user authorize a website to use
a given device.

This is similar to what we did with TCP (through WebSocket), UDP
(WebRTC) and HTTP (through CORS).

Except that we'd also have to let the user authorize devices, similar
to 2. But at least we could design the new protocol such that we can
give the user enough information to make an informed decision.

Obviously this has the dramatic downside that it leaves all existing
USB devices behind and doesn't provide a solution for them. But that's
similar to what we did for TCP/UDP/HTTP.

/ Jonas
_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform
