W3C home > Mailing lists > Public > public-webapps@w3.org > April to June 2009

[widgets] Access Requests Use Case: Restricted access to remote web services using white/black lists

From: Scott Wilson <scott.bradley.wilson@gmail.com>
Date: Fri, 22 May 2009 12:04:29 +0100
Message-Id: <72EFD68F-4C1E-425A-AB3F-0D8C0A58CF8E@gmail.com>
To: public-webapps WG <public-webapps@w3.org>
RXX: Restricted access to remote web services using white/black lists

Motivation: Security, Current development practice or industry best- 
practice, Interoperability

Rationale:

A Widget may need to make use of external web services in order to  
function, for example using AJAX to obtain information.

A User Agent may wish to restrict access to external web services from  
Widgets based on white lists or black lists, for example using a proxy  
server or firewall.

This raises the possibility for users installing Widgets that are  
unable to function due to access restrictions on remote web services.

By providing a mechanism for declaring a Widget's access requirements,  
the usability and interoperability of Widgets can be improved.

For example, when a user attempts to install a Widget in a User Agent,  
and the Widget Configuration Document declares that it requires access  
to currently blocked services in order to function, the User Agent may  
prompt the user to choose to:

(1) enable access to the service (for example, adding the service to a  
proxy server or firewall white list),
(2) cancel installing the Widget, or
(3) proceed with installation, with the user now aware that there may  
be problems with the Widget due to restricted access to services.
Received on Friday, 22 May 2009 11:05:13 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:31 GMT