- From: Williams, Stuart (HP Labs, Bristol) <skw@hp.com>
- Date: Wed, 29 Aug 2007 16:12:44 +0100
- To: "Arthur Barstow" <art.barstow@nokia.com>
- Cc: <public-appformats@w3.org>
Hello Art,

Please accept my apologies for the late response. Some time ago [1] the TAG asked me to send along the following comment in response to your request [2] for feedback which I utterly failed to do at the time.

--

The TAG have asked me to respond to your request for feedback [2]. In addition to comments from Rhys Lewis [3], the TAG has the following comment:

1) The TAG would like the introduction to the document to contain a fuller account of the rationale behind the existing UA sandbox policy and the attacks that it is intended to guard against. For example, we believe that one of the key use-cases that the sandbox policy is intended to address is leakage of confidential information from behind a firewall arising from either accidental or malicious scripted behaviour executing within the UA. We would then like the document to indicate whether there are situations where implementation of the Read Access Control Policy mechanism would make a UA and the network to which it is attached any more vulnerable to attack. We think that the increased risk is probably small, but we believe that the document should present more analysis than it does at present.

Stuart Williams
for W3C TAG

[1] http://www.w3.org/2001/tag/2007/07/09-tagmem-minutes.html#item04
[2] http://lists.w3.org/Archives/Public/www-tag/2007Jun/0114
[3] http://lists.w3.org/Archives/Public/www-tag/2007Jun/0145

--
Hewlett-Packard Limited registered Office: Cain Road, Bracknell, Berks RG12 1HN
Registered No: 690597 England

Received on Wednesday, 29 August 2007 15:15:09 UTC