W3C home > Mailing lists > Public > public-webapps@w3.org > July to September 2009

Re: Request for Reviewers: Section 7.4 of Web Security Context: User Interface Guidelines; deadline Sep 24

From: Adam Barth <w3c@adambarth.com>
Date: Fri, 18 Sep 2009 23:12:16 -0700
Message-ID: <7789133a0909182312s5119eafhffa1c80629648f49@mail.gmail.com>
To: Arthur Barstow <art.barstow@nokia.com>
Cc: public-webapps <public-webapps@w3.org>, Thomas Roessler <tlr@w3.org>, Mary Ellen Zurko <Mary_Ellen_Zurko@notesdev.ibm.com>, public-usable-authentication@w3.org
Comments below.

> Web user agents MUST prevent web content from obscuring, hiding, or disabling security user interfaces.

This is impossible in a multi-window web user agent in an overlapping
window manager (e.g., every major browser on every major
general-purpose operating system).

> Web user agents MUST NOT allow web content to open new windows with the browser's security UI hidden.

This precludes innovative solutions to the full-screen video problem,
like Flash's disabling of the keyboard to prevent password theft.

> Web user agents MUST prevent web content from overlaying chrome. User interactions that are perceived to deal with browser chrome must not be detectable for Web content.

This is generally not the case for keyboard user interactions.  In
typical user agents, keyboard events are sent to the content area
before being processed by browser chrome.

> Web user agents MUST NOT expose programming interfaces which permit installation of software without a user intervention.

What does it mean to install software?

> Web user agents MUST inform the user and request consent when web content attempts to install software outside of the browser environment.

Why can't the user agent simply ignore these attempts?

> Web user agents MAY inform the user when web content attempts to execute software outside of the agent environment.

What is the agent environment?  For example, does follow a mailto link
fall under this requirement given that seems to execute the user's
default mail software outside the user agents environment

> Web user agents MUST NOT expose programmatic interfaces that allow bookmarking without explicit user consent.

Should the user agent not expose the API without consent, or should
the API not allow bookmarking without consent?

> Web user agents MUST NOT expose programmatic interfaces that allow bookmarking an URL that does not match the URL of the page that the user currently interacts with.

Why not?

On a more general note, what do you mean by expose a programmatic
interface?  Does that cover browser extension APIs?  Those are
certainly programatic interfaces exposed by the user agent.  Pushing
in another direction, what if the user agent exposed that
functionality via an HTML tag.  Would that be a *programmatic*
interface?

> Web user agents which offer this restriction SHOULD offer a way to extend permission to individual trusted sites. Failing to do so encourages users who desire the functionality on certain sites to disable the feature universally.

What if the user agent doesn't expose a user interface to disable the
feature universally?

Adam


On Thu, Sep 17, 2009 at 11:06 AM, Arthur Barstow <art.barstow@nokia.com> wrote:
> The title of the spec is actually "Web Security Context: User Interface
> Guidelines":
>
>  http://www.w3.org/TR/wsc-ui/#robustness-api
>
> On Sep 17, 2009, at 1:57 PM, Barstow Art (Nokia-CIC/Boston) wrote:
>
>> All,
>>
>> The Web Security Context Working Group asked WebApps to review
>> Section 7.4 of their Web Security Context Working Group spec:
>>
>>  <http://www.w3.org/TR/wsc-ui/#robustness-apis>
>>
>> If you have any comments, please send to the following list by
>> September 24 at the latest:
>>
>>  public-usable-authentication@w3.org
>>
>> -Regards, Art Barstow
>>
>>
>>
>
>
>
Received on Saturday, 19 September 2009 06:13:19 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:33 GMT