Confirm
717
edits
Changes
→Open questions
===Application Scope===
Foundational assumption was that there was only one app per domain. This is because an origin is effectively the only security boundary in the browser, and determining the security implications of allowing apps with different permissions on the same domain is a time consuming exercise for the 1.0 timeframe.
===Trusted Application Review Guidelines===
We need a set of guidelines that define an acceptable level of security and privacy review for trusted applications. This should include:
*Ensuring that requested permissions are used for the purposes stated (in the permission rationale)
*Use of implicit permissions is appropriate
*Any interfaces between privileged app content and unprivileged external content have appropriate mitigations to prevent elevation of privilege attacks
==Out of scope for 1.0==
