RE: Use Cases and Requirements for Saving Files Securely

On Mon, 2 Nov 2009, Doug Schepers wrote:
> 
> Please send in use cases, requirements, concerns, and concrete 
> suggestions about the general topic (regardless of your opinion 
> about my suggestion).

We presented a paper on behalf of TiddlyWiki, an example
Single Page Application at the devices workshop last year:

    http://www.w3.org/2008/security-ws/papers/osmosoft.html

TiddlyWiki makes use of a number of file system features 
currently accesed through a variety of browser specific 
tactics including a signed applet, which for reasons of 
security, simplifying the user interface and to ensure
continued support for our large user base we would like to 
see formalized in a standard File API, in particular:

- The ability to "save" themselves, by writing back to the 
  originating file URI, following being granted privileges,

- The ability to create and write adjunct text files in the same
  directory, such as an RSS feed, hcard, ics and RTF documents, 

- Ideally we'd like the ability to read, manipulate and 
  write binary files, such as images, PDF files and tags 
  in audio and other media files.

>From our position, the proposed File API looked good in terms
of the Use Cases section which covered the above, and
the File object, though on closer inspection the 
specification did not include any APIs for writing, 
which puzzled us greatly.

Given the value of the core of this specification in 
holding and manipulating files in memory, I'd be 
inclined to suggest keeping the name "File API" 
and provide simple write methods.
 
Maybe the more complex issue of access control could 
be provided as a separate specification, given that's 
a generic issue for the DAP?

--
Paul (psd)
http://blog.whatfettle.com
http://osmosoft.com

Received on Wednesday, 11 November 2009 11:57:46 UTC