W3C home > Mailing lists > Public > public-coremob@w3.org > June 2012

Re: coremob-ISSUE-8: No spec to point to for Full-screen mode. [COREMOB-1]

From: Robin Berjon <robin@berjon.com>
Date: Fri, 22 Jun 2012 11:21:20 +0200
Cc: "Charles McCathieNevile" <chaals@opera.com>, "W3C CoreMob CG" <public-coremob@w3.org>
Message-Id: <92405569-7AFC-4D67-8979-0368BE4FE035@berjon.com>
To: Scott Wilson <scott.bradley.wilson@gmail.com>
On Jun 19, 2012, at 15:45 , Scott Wilson wrote:
>>> Widgets are easy to implement. I wonder how many have been security audited though  it's easy to get things rather wrong.
> 
> Check out Webinos, which is a secure W3C Widgets platform for multiple devices including in-vehicle systems:
> 
> https://developer.webinos.org/
> 
> Apache Wookie uses a fairly simple security model, as its aimed at widgets placed into portal-style applications. However even then its up to the container - so I saw one mil portal recently running inline chromless widgets in fixed positions, rather than the more typical netvibes/igoogle style arrangement.

I'm well aware of Webinos and Wookie. I didn't say that all widgets are insecure, just that it's easy to get their security wrong. The first step that the SysApps group will take when it gets chartered is look at how to define a runtime environment for Web apps that might access trusted functionality  it's a missing part at the moment.

-- 
Robin Berjon - http://berjon.com/ - @robinberjon
Received on Friday, 22 June 2012 09:21:50 UTC

This archive was generated by hypermail 2.3.1 : Friday, 19 April 2013 17:36:46 UTC