[cap-talk] Authorizing access to an app's internal data

David-Sarah Hopwood david.hopwood at industrial-designers.co.uk
Thu Sep 25 15:50:20 CDT 2008

Marcus Brinkmann wrote:
> At Thu, 25 Sep 2008 19:49:25 +0100,
> David-Sarah Hopwood <david.hopwood at industrial-designers.co.uk> wrote:
>> There is actually quite strong public pressure on the browser vendors to
>> "play nicely".
> That doesn't prove your point, it disproves it.  If that much pressure
> is needed for IE, there is no hope for all the other application
> software that has internal data which is interesting to access.  There
> isn't enough public pressure in the universe to get the job done.

The issue in this subthread was how to be consistent with POLA *and*
avoid complication of the user interface for importing data from an
app that cooperates in exposing that data. (IE was presented as an
example, not chosen by me, and it is cooperative in this sense.)

If you allow an extra UI step that explicitly authorizes access to
an app's internal data, then there is no remaining problem to solve
even for non-cooperative apps. Of course, in that case it may be
necessary to reverse-engineer an internal data format, but that's
true regardless of how access to the internal data is authorized.

David-Sarah Hopwood

More information about the cap-talk mailing list