Re: [widgets] Please include a statement of purpose and user interaction expectations for <feature>

On Tue, 02 Jun 2009 14:57:46 +0200, Henri Sivonen <hsivonen@iki.fi> wrote:

> Please state the purpose of <feature>. (That it's for authorizing  
> features that don't participate in the Web-oriented browser security  
> model.)
>
> Please include a corresponding UA requirement to obtain authorization  
> from the user for the features imported with <feature>. (It seems that  
> the security aspect requires an authorization and doesn't make sense if  
> the dangerous feature are simply imported silently.) As far as I can  
> tell, the spec doesn't currently explain what the UA is supposed to do  
> with the 'feature list' once built.

Such authorization may be made in a number of other ways than 'from the  
user'.  A user agent distributor may for instance use signatures on  
applications to determine that the feature is safe[1] to access.


[1] «Safe»: here meaning that an application signed with a particular  
signature is in compliance with criteria regarding both security and  
privacy-related concerns.
-- 
Arve Bersvendsen

Opera Software ASA, http://www.opera.com/

Received on Tuesday, 2 June 2009 13:20:04 UTC