W3C home > Mailing lists > Public > public-web-intents@w3.org > June 2012

question on 4.1 explicit intents

From: Jean-Claude Dufourd <jean-claude.dufourd@telecom-paristech.fr>
Date: Tue, 12 Jun 2012 13:09:21 +0200
Message-ID: <4FD72361.4090600@telecom-paristech.fr>
To: "public-web-intents@w3.org" <public-web-intents@w3.org>
Dear all,

In section 4.1, the first paragraph is:

When handling an Intent marked as explicit (that is, constructed with 
the object literal constructor with a non-empty*service*field), the 
expected User Agent behavior is that if this "service" attribute is 
present, it/should not/display a service selection mechanism to the 
user. Instead, the service url/should/be loaded directly to handle the 
intent. (This is not a hard restriction. The User Agent/may/provide a 
way for the user to intercept even an explicit invocation.)

This is a security risk.
Why is security more relaxed here than in the previous section ?
Why does " The User Agent/must not/deliver an intent to a Service 
discovered in this way before the user has made a specific action 
allowing it." not apply here too ?
Best regards
JC

-- 
JC Dufourd
Directeur d'Etudes/Professor
Groupe Multimedia/Multimedia Group
Traitement du Signal et Images/Signal and Image Processing
Telecom ParisTech, 37-39 rue Dareau, 75014 Paris, France
Tel: +33145817733 - Mob: +33677843843 - Fax: +33145817144
Received on Tuesday, 12 June 2012 11:10:56 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 12 June 2012 11:10:57 GMT