177
edits
Changes
→Management / granting of API permissions to WebApps
# User should have control over APIs with privacy implications
# User should be able to audit usage of permissions (this is different from viewing what permissions an app has, since that does not tell you how or when it is used)
# Apps cannot must not request permission to do something or use a function that it has not declared that is it needs to do. ('''TBD: If an app attempts to execute a function which the user has not listed in authorised, what action should be taken? terminate the manifestapp? remove it? report it?''')
discussion links:
