Re: Automatic Entry and Forms

Adam Jack (ajack@corp.micrognosis.com)
Mon, 26 Feb 1996 09:50:37 -0500 (EST)


Date: Mon, 26 Feb 1996 09:50:37 -0500 (EST)
From: Adam Jack <ajack@corp.micrognosis.com>
To: hallam@w3.org
Cc: "Daniel W. Connolly" <connolly@beach.w3.org>,
Subject: Re: Automatic Entry and Forms 
In-Reply-To: <9602252230.AA22051@zorch.w3.org>
Message-Id: <Pine.SUN.3.91.960226085354.27933B-100000@singhi>

On Sun, 25 Feb 1996 hallam@w3.org wrote:

> 1) Malicious servers may attempt to trick the user into submitting data
> 	without their consent
>
> On (1) yesw there is a problem for any automatic forms entry scheme. 
> This could be dealt with in two ways. 

Two or more.

> Either the browser comes up with a dialogue box
> and asks (do you want to automatically add in these fields". Alternatively
> the automatic fill in protocol might be configured to only operate within
> a closed subnet - for forms comming from within a company say.
> 
I agree with the first - the second seems a bit limited functionality.

I know this is probably a user agent implementation issue however I would
like to see some further discussion on it in any proposal.

> 2) Wouldn;t it be easier to have a central registry?
> 
> There is a world of difference between a system in which it is in peoples
> interests to abide by a common standard and one where one is rammed down
> peoples throats. 
>
I am not suggesting anything like the later.

> There is also a deeper philosophical issue here. The Web works because it
> is decentralised and has no central registry. 
>
I am not sure I agree -- they all registered with Internic or their 
internal DNS system. At a time any browser knows how to lookup an
find the IP address for a domain name. Also routing tables are
propagated to allow requests and responses to be delivered. 

Additionally - are not the likes of Yahoo and WebCrawler a form of
centralized registry? Sure - the WWW works without them but they are
best located by being in the registary.

For ease of use everything must be easily looked up. As I said - I am not
suggesting a new NS for propagation. I am just hoping that there will be
a mechanism whereby any field can be looked up without difficulty.
 
> I see this as an area where we can win most by staying aloof from the fray.
> Someone somewhere will produce a very comprehensive set of field templates
> and people will want to use them. I prefer to offload that type of work onto
> people who have time and possibly expertise.
>
Could that not equally be done by setting a field name standard and then 
stepping back? We could have names like :

WWW.Personal.Name.FirstName = Adam
WWW.Personal.Name.LastName = Jack

As a naming scheme it lacks the nice automatic help feature of attaching
a URI but it allows hierarchy. As I said -- one could then allow or
disallow whole groups of data to certain sites.

People could extend it with :

MyExtension.Browser.Version
MyExtension.Browser.Name 		

or something like :

WWW.Personal.Name.MyExtension.NickName (as said - I am no name wiz.)

Any 'centralized' registry could be a simple CGI script on a server.
These days firms jump on the bandwagon of offering 'public services'
-- and this need be no different. How many fields will the be
anyway? Hundreds? Never more than thousands -- and definately not 
the Internic millions.

Adam
--
+1-203-730-5437 | http://www.micrognosis.com/~ajack/index.html