W3C home > Mailing lists > Public > www-forms@w3.org > October 2003

RE: How secure is XForms?

From: Daniel Fowler <daniel.fowler@focus-solutions.co.uk>
Date: Thu, 9 Oct 2003 18:38:42 +0100
Message-ID: <30A02A46CB77D511851900508BAEADBCD1F5B1@exchange.focus-internal.co.uk>
To: www-forms@w3.org, XForms@yahoogroups.com

How secure is old school HTML forms?

I regularly buy from the Internet using personal data via HTML. But only use
a "secure" connection.

However, I would NOT want a remote XForms renderer to do things locally
unless I know what it is doing.

I would NOT want a local XForms Browser plug-in to send stuff out over the
wire unless I knew what it was doing (gave it permission?).

I would want a browser plug-in XForms renderer to be verifiable (digitally
signed?).

I would want a statement of assurance (usual legal stuff) from the XForms
product vendor to make sure it has no "hidden" features. Would they need to
be insured for likely losses?

Yep the tool vendors will need to provide comprehensive answers.

DAN
Daniel Fowler

-----Original Message-----
From: AndrewWatt2001@aol.com [mailto:AndrewWatt2001@aol.com]
Sent: 09 October 2003 18:15
To: www-forms@w3.org; XForms@yahoogroups.com
Subject: How secure is XForms?


I would like to pose a question that I first asked many months ago, "How
secure is XForms?" I didn't find the answers given at the time totally
compelling.

Particularly for potential business users of XForms it seems to me a
fundamental question.

What is the best, most complete answer that the XForms WG or XForms tool
vendors care to put forward to provide reassurance on this point?

Andrew Watt
http://www.tfosorciM.org/blog - "Reflecting on Microsoft" 
Received on Thursday, 9 October 2003 13:37:24 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Saturday, 10 March 2012 06:21:56 GMT