W3C home > Mailing lists > Public > public-media-annotation@w3.org > December 2009

Re: ACTION-190 Right disclaimer for API document

From: RaphaŽl Troncy <Raphael.Troncy@cwi.nl>
Date: Tue, 01 Dec 2009 20:56:43 +0100
Message-ID: <4B1574FB.3050205@cwi.nl>
To: Soohong Daniel Park <soohong.park@samsung.com>
CC: public-media-annotation@w3.org
Dear Daniel,

> For MWAG, I do not think they need to consider it. Since the contents 
> and metadata in MAWG are hosted in the Web, for example Youtube, Pandora 
> and etc. These sites if they implement the MAWG API on their platform, 
> they will handle the security issue by their own, which is a cross 
> domain topic in the web development. If Youtbe, Pandora does not 
> implement MAWG API, but other 3rd party libraries implemented, the 3rd 
> party developer surely will utilize the host sites' security solution to 
> implement the API.

How do you prevent someone to inject a malicious script within a web 
page using the set method of the MAWG API? If you rely solely on the 
host site to setup some security mechanism, then how do you guarantee 
interoperability between sites? At minimal, it seems to me that existing 
technologies addressing this kind of issue should be mentioned.


RaphaŽl Troncy
EURECOM, Multimedia Communications Department
2229, route des CrÍtes, 06560 Sophia Antipolis, France.
e-mail: raphael.troncy@eurecom.fr & raphael.troncy@gmail.com
Tel: +33 (0)4 - 9300 8242
Fax: +33 (0)4 - 9000 8200
Web: http://www.eurecom.fr/~troncy/
Received on Tuesday, 1 December 2009 19:57:37 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:17:36 UTC