Re: XForms - Secure or Insecure?

Aaron,

We obviously have very different concepts of what web services are!

I would have thought that just about all web services that you refer to
would be in "domains different to the one where the page was downloaded". As
it happens, that's what makes it so exciting - in one form we can search
both Google and Amazon for the same word; in one form we can find a zip code
from an address, and then use that zip code to find weather and traffic
reports; in one form I can monitory umpteen news feeds or RSS logs, or even
manage my Atom-powered blog (coming soon ;)).

In other words, far from causing a problem, XForms makes these new-fangled
web services accessible. Let's face it, despite being around for years web
services are pretty much unusable by anyone outside of a corporate IT
department.

Regards,

Mark


Mark Birbeck
CEO
x-port.net Ltd.

e: Mark.Birbeck@x-port.net
t: +44 (0) 20 7689 9232
w: http://www.formsPlayer.com/

Download our XForms processor from
http://www.formsPlayer.com/

> -----Original Message-----
> From: www-forms-request@w3.org
> [mailto:www-forms-request@w3.org] On Behalf Of Aaron Reed
> Sent: 24 August 2004 21:50
> To: www-forms@w3.org
> Subject: XForms - Secure or Insecure?
> 
> 
> 
> I also have a question about XForms security.  For example,
> the formsPlayer example at: 
> http://www.formsplayer.com/community/samples/google-search.html.
> 
> Running this example in a browser should raise eyebrows.
> Submitting SOAP to 
> domains DIFFERENT from the one where the page was downloaded 
> and REPLACING content in the current page so that the user 
> doesn't have any kind of cue that something just happened 
> seems like the kind of power for a form that we don't want to 
> encourage (in a browser context, at least).  Is this 
> something that is going to be addressed in the 1.1 spec when 
> the SOAP stuff goes in?
> 
> --Aaron
> 
> 
> 

Received on Wednesday, 25 August 2004 17:26:35 UTC