W3C home > Mailing lists > Public > public-webapps@w3.org > July to September 2009

Re: [widgets] Widgets URI scheme... it's baaaack!

From: Robin Berjon <robin@berjon.com>
Date: Wed, 2 Sep 2009 16:17:33 +0200
Cc: marcosc@opera.com, public-webapps <public-webapps@w3.org>
Message-Id: <41A4E30B-9971-4212-BABF-1A817219F816@berjon.com>
To: Mark Baker <distobj@acm.org>
Hi Mark,

On May 22, 2009, at 15:25 , Mark Baker wrote:
> I'm curious to learn where the requirement that "Must not allow
> addressing resources outside a widget" came from?  Can you point to a
> precedent for such a restriction in any other protocol?  I remember
> TimBL writing something to the effect of "Anywhere you can use a URI,
> you can use any URI", possibly in his design issues, but I can't find
> a reference right now.

The idea is that as currently defined, the URI scheme can only point  
to resources contained inside the widget. Wherever you use a widget:  
URI, you can also use other URI schemes such as http: or file: (i.e.  
there's no restriction on the content) but depending on your security  
settings it might not be retrieved and if executed it probably won't  
have access to the same APIs. The widget: URI comes with a guarantee  
that you're pointing inside the widget, which is a nice, clean,  
sandboxed world (which incidentally might also be signed).

> I also don't understand what that bit about "run on the web" means  
> in the intro.

Yeah, neither do I. I've tried to make the abstract clearer.

Thanks!

-- 
Robin Berjon - http://berjon.com/
Received on Wednesday, 2 September 2009 14:18:19 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:33 GMT