W3C home > Mailing lists > Public > public-webapps@w3.org > April to June 2009

Re: [widgets] Please include a statement of purpose and user interaction expectations for <feature>

From: Arve Bersvendsen <arveb@opera.com>
Date: Tue, 02 Jun 2009 15:19:17 +0200
To: "Henri Sivonen" <hsivonen@iki.fi>, public-webapps <public-webapps@w3.org>
Message-ID: <op.uuwfafbjbyn2jm@galactica>
On Tue, 02 Jun 2009 14:57:46 +0200, Henri Sivonen <hsivonen@iki.fi> wrote:

> Please state the purpose of <feature>. (That it's for authorizing  
> features that don't participate in the Web-oriented browser security  
> model.)
>
> Please include a corresponding UA requirement to obtain authorization  
> from the user for the features imported with <feature>. (It seems that  
> the security aspect requires an authorization and doesn't make sense if  
> the dangerous feature are simply imported silently.) As far as I can  
> tell, the spec doesn't currently explain what the UA is supposed to do  
> with the 'feature list' once built.

Such authorization may be made in a number of other ways than 'from the  
user'.  A user agent distributor may for instance use signatures on  
applications to determine that the feature is safe[1] to access.


[1] «Safe»: here meaning that an application signed with a particular  
signature is in compliance with criteria regarding both security and  
privacy-related concerns.
-- 
Arve Bersvendsen

Opera Software ASA, http://www.opera.com/
Received on Tuesday, 2 June 2009 13:20:04 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:31 GMT