RE: [widgets] Minutes from 12 March 2009 Voice Conference

Ok!


*************************************
T-Mobile International
Terminal Technology
Rainer Hillebrand
Head of Terminal Security
Landgrabenweg 151, D-53227 Bonn
Germany

+49 171 5211056 (My T-Mobile)
+49 228 936 13916 (Tel.)
+49 228 936 18406 (Fax)
E-Mail: rainer.hillebrand@t-mobile.net

http://www.t-mobile.net

This e-mail and any attachment are confidential and may be privileged. If you are not the intended recipient, notify the sender immediately, destroy all copies from your system and do not disclose or use the information for any purpose. 

Diese E-Mail inklusive aller Anhänge ist vertraulich und könnte bevorrechtigtem Schutz unterliegen. Wenn Sie nicht der beabsichtigte Adressat sind, informieren Sie bitte den Absender unverzüglich, löschen Sie alle Kopien von Ihrem System und veröffentlichen Sie oder nutzen Sie die Information keinesfalls, gleich zu welchem Zweck.




T-Mobile International AG
Aufsichtsrat/ Supervisory Board: René Obermann (Vorsitzender/ Chairman)
Vorstand/ Board of Management: Hamid Akhavan (Vorsitzender/ Chairman), Michael Günther, Lothar A. Harings, Katharina Hollender
Handelsregister/Commercial Register Entry: Amtsgericht Bonn, HRB 12276
Steuer-Nr./Tax No.: 205 / 5777/ 0518
USt.-ID./VAT Reg.No.: DE189669124
Sitz der Gesellschaft/ Corporate Headquarters: Bonn




-----Original Message----- 
From: marcosscaceres@gmail.com [mailto:marcosscaceres@gmail.com] On Behalf Of Marcos Caceres
Sent: Montag, 16. März 2009 15:34
To: Hillebrand, Rainer
Cc: Arthur Barstow; public-webapps
Subject: Re: [widgets] Minutes from 12 March 2009 Voice Conference

On Mon, Mar 16, 2009 at 3:06 PM, Hillebrand, Rainer <Rainer.Hillebrand@t-mobile.net> wrote:
> Dear Art,
>
> Regarding "P&C spec - Mandatory config file", I would like to give more information about my concerns.
>
> According to the current "W3C Working Draft 9 March 2009", the config.xml file has a single mandatory element. This is the <widget> element. All its expected children elements and attributes are optional. Therefore I have got the impression that the config.xml file does not add any security. However, it will help to identify a zip archive as a widget if the media type and/or file extension are missing.
>
> To be clear, I do not have any objections against the config.xml file in general. I only have concerns regarding its potential to improve security.
>

Ok, forget the security aspects. Lets just say it identifies a widget as being a widget in the absence of a media type.


--
Marcos Caceres
http://datadriven.com.au

Received on Monday, 16 March 2009 14:45:13 UTC