W3C home > Mailing lists > Public > public-webapps@w3.org > April to June 2009

Re: [widgets] Purpose and utility of <feature> unclear

From: Marcos Caceres <marcosc@opera.com>
Date: Tue, 2 Jun 2009 13:42:00 +0200
Message-ID: <b21a10670906020442x593bd05bmd2b9cc44009f1a2@mail.gmail.com>
To: Marcin Hanclik <Marcin.Hanclik@access-company.com>
Cc: Henri Sivonen <hsivonen@iki.fi>, public-webapps <public-webapps@w3.org>
On Tue, Jun 2, 2009 at 12:28 PM, Marcin Hanclik
<Marcin.Hanclik@access-company.com> wrote:
> Hi Henri,
>
>>>I think it would be preferable to design APIs in such a way that
>>>security/privacy aspects of the API are Web-ready, i.e. the same API
>>>could be exposed to Web content. (I consider the design of the
>>>Geolocation API and it's authorization UI in Firefox Web-ready in this
>>>sense.)
> There is no problem with the APIs within the Web content.
> There is just a difference on the security policy level whether unauthorized Web content (website vs. widget) may access the API.
> http://bondi.omtp.org/1.0/security/BONDI_Architecture_and_Security_Appendices_v1.0.pdf, section B.4.(1|2).
>

Right. This is applicable for BONDI user agents, but not necessarily
user agents that use the W3C's DAP-WG APIs. It is unlikely that Web
Browsers will become BONDI compliant given the DAP work.


-- 
Marcos Caceres
http://datadriven.com.au
Received on Tuesday, 2 June 2009 11:42:57 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:31 GMT