W3C home > Mailing lists > Public > public-webapps@w3.org > October to December 2009

FW: [widgets] viewmodes spec

From: David Rogers <david.rogers@omtp.org>
Date: Mon, 26 Oct 2009 09:23:21 -0000
Message-ID: <4C83800CE03F754ABA6BA928A6D94A0601E5EFA9@exch-be14.exchange.local>
To: "Arthur Barstow" <art.barstow@nokia.com>, "Marcos Caceres" <marcosc@opera.com>
Cc: "public-webapps" <public-webapps@w3.org>, "Thomas Roessler" <tlr@w3.org>
Hi Art and Marcos,


I didn't see this point discussed in the last widgets meeting minutes.
Do you know if anybody has started work on any security guidelines for
widgets? I noticed that in the "Web Security Context: User Interface
Guidelines", for example this requirement[1] there may be some conflict
with widgets / potential to put requirements there for the item below
and others?







[1] http://www.w3.org/TR/wsc-ui/#keepchromevisible-goodpractice 


From: public-webapps-request@w3.org
[mailto:public-webapps-request@w3.org] On Behalf Of David Rogers
Sent: 22 October 2009 11:52
To: public-webapps@w3.org
Cc: Barstow Art (Nokia-CIC/Boston)
Subject: [widgets] viewmodes spec


Hi there,


At the last widgets call I agreed to ask OMTP BONDI members if there was
any feedback on viewmodes. We didn't receive a lot of views but one
thing I raised was that as far as I can tell, there is no text to cover
off invisible widgets or widgets of, for example height and width 1x1.
There may be a valid reason for someone to have an invisible widget but
there are still some abuse scenarios - for example, if someone created a
transparent widget that then maximises in front of your payment
application just as you go to enter your PIN or password it could be a
major issue.


I'm not sure that anyone has started work on any widget security








David Rogers
OMTP Director of External Relations 

Received on Monday, 26 October 2009 09:30:36 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 11 February 2015 14:36:39 UTC