On 02/02/07, Marcos Caceres <m.caceres@qut.edu.au> wrote: > I agree; the security API requirements are still fairly underspecified and > maybe it should be a MUST that all widgets include a manifest (R11). My > feeling is that we need to make a whole new requirements section just > devoted to the security context at large (including APIs). That would be great. > Is this kinda what you mean by "fully addressing"? Or are you also saying > that it would be required that some kind of user intreface alert is > presented to the user? Should this be part of the requirement's document or > part of the Widgets 1.0 spec itself? I don't think it would be useful to specify specific UI's or anything, implementors are best placed to know the best way to handle it for their situation. What I would like to be able to see is something that says provided APIs should be at more than just FULL TRUST, so I could have a widget on my phone that was allowed to make a web request, but not one that was allowed to make a phone call. I'm afraid I have nothing to help you though. > Nevertheless, I don't agree that widget > should be able to change the update IRI as I see that as a security issue I didn't say I agreed with it either, I just thought it was slightly pre-judging the future for a requirements doc. I'm happy either way though. Cheers, Jim.Received on Friday, 2 February 2007 08:29:26 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 8 January 2008 14:10:21 GMT