W3C home > Mailing lists > Public > public-webapps@w3.org > January to March 2010

RE: VMMF - new version

From: David Rogers <david.rogers@omtp.org>
Date: Wed, 24 Mar 2010 19:10:54 -0000
Message-ID: <4C83800CE03F754ABA6BA928A6D94A0602078FF9@exch-be14.exchange.local>
To: "Robin Berjon" <robin@berjon.com>, "public-webapps WG" <public-webapps@w3.org>
Hi Robin,

I'm not sure how far forward we are with this but looking at the
security considerations, it would be useful to have the examples for
implementers to understand where we're coming from with the concerns.
For your info, this was the original proposal I discussed with Marcin:

Security Considerations

Widgets could be intentionally designed to visually dupe or confuse the
user for social engineering purposes. Some methods that could be used to
perform this could be by creating:

*	widgets that the user cannot see (full-screen invisible widgets
in front of other things on the screen, such as a PIN-code entry)
*	widgets that have a size smaller than the user can reasonably
see (e.g. a 1px x 1px widget)
*	widgets that have no chrome that could masquerade as some other
existing object on the screen (for example a lock and key)

Implementers of this specification are asked to take these points into
account and design appropriate measures to safeguard the user.

Thanks,



David.

-----Original Message-----
From: public-webapps-request@w3.org
[mailto:public-webapps-request@w3.org] On Behalf Of Robin Berjon
Sent: 04 March 2010 13:13
To: public-webapps WG
Subject: VMMF - new version

Hi all,

I just produced an update of VMMF to make it ready for publication:
http://dev.w3.org/2006/waf/widgets-vmmf/.

Essentially I changed it so that it corresponds to CSS Media Queries.
That, plus it being a UI oriented specification, means that there's only
one normative assertion and it's a SHOULD.

Comments welcome, I think that this baby can ship.

-- 
Robin Berjon - http://berjon.com/
Received on Wednesday, 24 March 2010 19:11:34 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:37 GMT