Make Security-policy a top level concept, not a feature #1283
Description
Original author: jasn...@gmail.com (April 12, 2012 22:36:30)
SPECIFICATION BUGS ONLY - Description
=====================================
http://docs.opensocial.org/display/OSD/Security+Policy+should+not+be+a+Feature
Currently, there is a "security-policy" feature that is rather undefined in the core-gadget spec... several problems exist:
- It's not clear what the real difference is between <Optional feature="security-policy" /> and <Require feature="security-policy" />,
- It's not clear whether it's possible to have optional permissions vs. required permissions (e.g. these are the things I have to have in order to function, these are the things that would be nice), and
- There's no api to determine if any given permission has been granted or not (at least none that I can see).
Ideally, Permissions would be a top level concept like Features... so instead of using a feature, these should be a variant of the Require and Optional elements... e.g.
<Module>
<ModulePrefs>
<Require feature="foo" />
<Optional feature="bar"/>
<Require permission="some.permission" />
<Optional permission="some.other.permission" />
</ModulePrefs>
</Module>
Then, we should have a gadgets.util.hasPermission(...) method alongside the gadgets.util.hasFeature API.
Document affected:
==================
1.) Please attach a patch for the document if appropriate.
2.) Post a thread at
http://groups.google.com/group/opensocial-and-gadgets-spec/topics
linking to this issue report.
3.) Post a comment on this issue, linking back to the thread.
Original issue: http://code.google.com/p/opensocial-resources/issues/detail?id=1299