- From: Robin Berjon <robin@berjon.com>
- Date: Fri, 22 Jun 2012 11:21:20 +0200
- To: Scott Wilson <scott.bradley.wilson@gmail.com>
- Cc: "Charles McCathieNevile" <chaals@opera.com>, "W3C CoreMob CG" <public-coremob@w3.org>
On Jun 19, 2012, at 15:45 , Scott Wilson wrote: >>> Widgets are easy to implement. I wonder how many have been security audited though — it's easy to get things rather wrong. > > Check out Webinos, which is a secure W3C Widgets platform for multiple devices including in-vehicle systems: > > https://developer.webinos.org/ > > Apache Wookie uses a fairly simple security model, as its aimed at widgets placed into portal-style applications. However even then its up to the container - so I saw one mil portal recently running inline chromless widgets in fixed positions, rather than the more typical netvibes/igoogle style arrangement. I'm well aware of Webinos and Wookie. I didn't say that all widgets are insecure, just that it's easy to get their security wrong. The first step that the SysApps group will take when it gets chartered is look at how to define a runtime environment for Web apps that might access trusted functionality — it's a missing part at the moment. -- Robin Berjon - http://berjon.com/ - @robinberjon
Received on Friday, 22 June 2012 09:21:50 UTC