Re: Widget Requirements

Aside from the standard browser and Dashboard security models, I've been
thinking that the Flash and Java security models (for desktops and mobiles)
might make a good starting point for outlining the security context for
widgets; they share many similarities to widget engines that need to access
services on the web. They've also been around long enough to (possibly) be
stable and there are probably lots of articles that outline any outstanding
security issues. I'll also search the WWW Conference proceedings and other
relevant journals for similar stuff. Again, any pointers to save me some
time would be helpful:)
Kind regards,
Marcos

On 2/3/07, Jim Ley < jim.ley@gmail.com> wrote:
>
> On 02/02/07, Arthur Barstow <art.barstow@nokia.com> wrote:
> > Regarding R19, Jim - would you please expand on what you mean by "how
> > a widget can negotiate with a user"?
>
> Exact method I really don't know, I guess what I was imagining were a
> way for a widget to define the sort of security class it was in, so
> e.g. there could be 4:
>
> "Only back to site jibbering.com"
> "Accesses any website"
> "Accesses local file system"
> "Accesses local resources such as camera"
>
> Then the Widget framework could provide a sensible UI to list what the
> widget might doing, rather than a simple binary trust aspect of
> widgets.  But I really don't have good strong suggestions.
>
> Jim.
>



-- 
Marcos Caceres
http://datadriven.com.au

Received on Monday, 5 February 2007 00:00:13 UTC