W3C home > Mailing lists > Public > public-device-apis@w3.org > June 2011

Specs need to avoid demanding UIs show URIs to users (especially as a "security" measure)

From: Josh Soref <jsoref@rim.com>
Date: Wed, 29 Jun 2011 11:37:27 -0400
To: "public-device-apis@w3.org" <public-device-apis@w3.org>
Message-ID: <6A252AE18765C3468EF06946F24F0B571FFC289242@XCH102CNC.rim.net>
The contacts[1]/calendar[2] API's currently have text like this:
> The user interface must include the URI of the document origin, as
> defined in [HTML5].

And I wrote in [3][4] that this was a bad idea...

Google is in the process of removing the URL bar from Chrome [5] and Mozilla has been working through removing it from Firefox [6][7] for some time too. The reality, as I noted in my comments is that users don't understand URIs, so they do not add security. As showing URIs to user neither adds nor enables security, specifications shouldn't demand that they be shown to users.

[1] http://www.w3.org/TR/2011/WD-contacts-api-20110616/

[2] http://www.w3.org/TR/2011/WD-calendar-api-20110419/

[3] http://lists.w3.org/Archives/Public/public-device-apis/2011Jun/0081.html

[4] http://lists.w3.org/Archives/Public/public-device-apis/2011Jun/0095.html

[5] http://www.conceivablytech.com/7485/products/google-is-serious-you-can-kill-chromes-url-bar

[6] https://wiki.mozilla.org/Firefox/Features/Toolbarless

[7] http://mozillalabs.com/conceptseries/2011/05/24/community-concepts-ubiquitous-firefox-part-1-how-do-you-design-a-debris-less-browser/

This transmission (including any attachments) may contain confidential information, privileged material (including material protected by the solicitor-client or other applicable privileges), or constitute non-public information. Any use of this information by anyone other than the intended recipient is prohibited. If you have received this transmission in error, please immediately reply to the sender and delete this information from your system. Use, dissemination, distribution, or reproduction of this transmission by unintended recipients is not authorized and may be unlawful.
Received on Wednesday, 29 June 2011 15:37:58 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:53:49 UTC