FW: [widgets] viewmodes spec from David Rogers on 2009-10-26 (public-webapps@w3.org from October to December 2009)

From: David Rogers <david.rogers@omtp.org>
Date: Mon, 26 Oct 2009 09:23:21 -0000
To: "Arthur Barstow" <art.barstow@nokia.com>, "Marcos Caceres" <marcosc@opera.com>
Cc: "public-webapps" <public-webapps@w3.org>, "Thomas Roessler" <tlr@w3.org>
Message-ID: <4C83800CE03F754ABA6BA928A6D94A0601E5EFA9@exch-be14.exchange.local>

Hi Art and Marcos,

 

I didn't see this point discussed in the last widgets meeting minutes.
Do you know if anybody has started work on any security guidelines for
widgets? I noticed that in the "Web Security Context: User Interface
Guidelines", for example this requirement[1] there may be some conflict
with widgets / potential to put requirements there for the item below
and others?

 

Thanks,

 

 

David. 

 

[1] http://www.w3.org/TR/wsc-ui/#keepchromevisible-goodpractice 

 

From: public-webapps-request@w3.org
[mailto:public-webapps-request@w3.org] On Behalf Of David Rogers
Sent: 22 October 2009 11:52
To: public-webapps@w3.org
Cc: Barstow Art (Nokia-CIC/Boston)
Subject: [widgets] viewmodes spec

 

Hi there,

 

At the last widgets call I agreed to ask OMTP BONDI members if there was
any feedback on viewmodes. We didn't receive a lot of views but one
thing I raised was that as far as I can tell, there is no text to cover
off invisible widgets or widgets of, for example height and width 1x1.
There may be a valid reason for someone to have an invisible widget but
there are still some abuse scenarios - for example, if someone created a
transparent widget that then maximises in front of your payment
application just as you go to enter your PIN or password it could be a
major issue.

 

I'm not sure that anyone has started work on any widget security
guidelines?

 

Thanks,

 

 

David.

 

 

David Rogers
OMTP Director of External Relations

Received on Monday, 26 October 2009 09:30:36 UTC