W3C home > Mailing lists > Public > public-webapps@w3.org > July to September 2008

Re: Comments on Widgets 1.0: Requirements LCWD

From: Marcos Caceres <marcosscaceres@gmail.com>
Date: Thu, 7 Aug 2008 18:19:30 +1000
Message-ID: <b21a10670808070119s41a8054eq7f7320c99899d106@mail.gmail.com>
To: "Krzysztof Maczyński" <1981km@gmail.com>, "Williams, Stuart (HP Labs, Bristol)" <skw@hp.com>, "www-tag@w3.org" <www-tag@w3.org>, public-webapps@w3.org
Hi Stuart, All,

This email is a continuation of the discussion about the Widget URI
scheme we've had in the past [1]. WebApps is trying to draft the final
text for the Widget Requirements document regarding a URI scheme for
widgets and we would again appreciate some input from the TAG. WebApps
WG believes that we share similar (if not the same) objective to
resolving the TAG's issue number 61 (URI Based Access to Packaged
Items) [2].

Regarding URI based access to packaged items, the Widgets 1.0
Requirements document [3] contains the following Requirement:

------
R6. Addressing Scheme

A conforming specification MUST specify or recommend an addressing
scheme to address the individual resources within the widget resource
at runtime. The addressing scheme MUST be able to address individual
widget instances, while potentially allowing widgets to address each
other. The addressing scheme MUST NOT expose the underlying file
system to the instantiated widget and an instantiated widget MUST NOT
be able to address resources outside the widget resource via the
addressing scheme. The addressing scheme SHOULD be one that web
authors would feel comfortable using or to which they are already
accustomed.

Motivation:
    Ease of use, compatibility with other standards, current
development practice or industry best-practices, security.
Rationale:
    To allow resources to be resolved and normalized within DOM
attributes. To make it easy for authors to address and load resources
into their instantiated widgets, either declaratively or
programmatically. For example, addressing a resource via an IRI (e.g.
<img src="images/bg.png'/> where the src attribute resolves to
something akin to "widget://myWidget/images/bg.png")).
-------

However, Krzysztof Maczyński has suggested we change the text above
based on the following reasoning:

>On 2008/7/26 Krzysztof Maczyński <1981km@gmail.com> wrote:
>> must not be able to address resources outside the widget resource via the addressing scheme
> Such ability may be useful (in some future version or even in this one), although I can see the concerns. But it seems harmless, for example, to use URNs (with semantics handled by widget user agent, such as accessing the default instance (forms in older versions of VB have those) or some operating environment motives and artifacts - these are "outside the widget resource", right?). I presume there will be places where IRIs unconstrained by this addressing scheme can be used to allow such usage. Still, I think this must not cannot be enforced syntactically without disallowing relative IRI references (and I can see no reason for disallowing them). Another issue with this is that other instances of the same widget are themselves "resources outside the widget resource" (but not widget resources). Even though R5 currently only provides for addressing resources contained in the widget resource associated withj a given instance of the widget, I believe the goal is (or should be) to enable addressing the instances themselves as well. I would therefore suggest the wording given below for the entire paragraph. Also please clarify that "addressing scheme" means some recipe for minting URIs, not necessarily a URI scheme (which may or may not result from ongoing discussion as the best solution).
> --
> A conforming specification must specify an addressing scheme (a new URI scheme or some prescribed use of an existing one) which must or should be used to address at runtime the individual resources within the widget resource in association with the current or another instance of the widget, as well as these instances themselves. This does not preclude allowing use of arbitrary IRI references in some contexts defined by a conforming specification. When the addressing scheme is used, the widget user agent must be required not to expose any other resources to the widget instance. For this purpose a conforming specification may require that accessing resources identified by IRIs using the addressing scheme which leave the allowed space described above must fail. If addressing resources outside the allowed set described above is possible with the addressing scheme, determining that this is the case for a given IRI reference should be easy for the author, at least for absolute IRI references. The addressing scheme should be one that web authors would feel comfortable using or are already accustomed to.


Any thoughts or comments from WebApps members or the TAG are welcomed.

[1] http://lists.w3.org/Archives/Public/www-tag/2008May/0121.html
[2] http://www.w3.org/2001/tag/group/track/issues/61
[3] http://dev.w3.org/2006/waf/widgets-reqs/#r6.-addressing
-- 
Marcos Caceres
http://datadriven.com.au
Received on Thursday, 7 August 2008 08:20:12 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:27 GMT