- From: Marcos Caceres <m.caceres@qut.edu.au>
- Date: Fri, 2 Feb 2007 13:13:15 +1000
- To: "Jim Ley" <jim.ley@gmail.com>, "WAF WG (public)" <public-appformats@w3.org>
- Message-ID: <b21a10670702011913q3ed1ee94p2cd4518734987521@mail.gmail.com>
On 2/1/07, Jim Ley <jim.ley@gmail.com> wrote: > > > A couple of notes - I think you brush rather lightly over requirements > related to security APIs e.g. R19 and R11 are only SHOULD and MAY, I'd > like to see widgets fully address this issue of how a widget can > negotiate with a user (through preferences or whatever) access to > different API's. So I'd like to see a MUST here (of course this is a > very difficult requirement, but ...) I agree; the security API requirements are still fairly underspecified and maybe it should be a MUST that all widgets include a manifest (R11). My feeling is that we need to make a whole new requirements section just devoted to the security context at large (including APIs). Regarding R19, it might be interesting to look at the idea of having restricted access to particular function calls within the context of the widget API. That is, the security level of a widget must first be somehow elevated in order to call, for example, " phone.services.camera.takePhoto()", otherwise it throws some kind of SecurityException (or the user is alerted to authorise such access). Is this kinda what you mean by "fully addressing"? Or are you also saying that it would be required that some kind of user intreface alert is presented to the user? Should this be part of the requirement's document or part of the Widgets 1.0 spec itself?... I know the OMA has done some work into security contexts and accessing services on devices. Do you know of anyone else looked at similar security context issues (on both mobile and the desktop)? or has anyone got any good pointers that we should be looking at? If you have any examples, that would be great. > R25 also seems overlay restrictive for a requirements doc, why MUST > the eventual spec not allow widgets to change the update IRI and why > MUST they periodically check, looks like you're pre-judging the result > of later discussions. I'm not sure, but possibly... I guess we kinda have a lose idea of how we will address the requirements in the actual Widgets spec and are trying to convey that as a requirement here. Nevertheless, I don't agree that widget should be able to change the update IRI as I see that as a security issue (the widget could be mutated at runtime and ask that it download a rogue widget - this would not happn if the widget could not change the update IRI AND if the widget's manifest was signed.)... I do, however, agree that it is not a must that they periodically check for updates. I have relaxed this to a should. Is that ok? (or should it be removed until we explore the use case for the requirement further?) Thanks again for your comments, Marcos -- Marcos Caceres http://datadriven.com.au
Received on Friday, 2 February 2007 03:13:24 UTC