- From: Jim Ley <jim.ley@gmail.com>
- Date: Fri, 2 Feb 2007 08:29:19 +0000
- To: "Marcos Caceres" <m.caceres@qut.edu.au>
- Cc: "WAF WG (public)" <public-appformats@w3.org>
On 02/02/07, Marcos Caceres <m.caceres@qut.edu.au> wrote: > I agree; the security API requirements are still fairly underspecified and > maybe it should be a MUST that all widgets include a manifest (R11). My > feeling is that we need to make a whole new requirements section just > devoted to the security context at large (including APIs). That would be great. > Is this kinda what you mean by "fully addressing"? Or are you also saying > that it would be required that some kind of user intreface alert is > presented to the user? Should this be part of the requirement's document or > part of the Widgets 1.0 spec itself? I don't think it would be useful to specify specific UI's or anything, implementors are best placed to know the best way to handle it for their situation. What I would like to be able to see is something that says provided APIs should be at more than just FULL TRUST, so I could have a widget on my phone that was allowed to make a web request, but not one that was allowed to make a phone call. I'm afraid I have nothing to help you though. > Nevertheless, I don't agree that widget > should be able to change the update IRI as I see that as a security issue I didn't say I agreed with it either, I just thought it was slightly pre-judging the future for a requirements doc. I'm happy either way though. Cheers, Jim.
Received on Friday, 2 February 2007 08:29:26 UTC