- From: Raphaël Troncy <Raphael.Troncy@cwi.nl>
- Date: Tue, 01 Dec 2009 20:56:43 +0100
- To: Soohong Daniel Park <soohong.park@samsung.com>
- CC: public-media-annotation@w3.org
Dear Daniel, > For MWAG, I do not think they need to consider it. Since the contents > and metadata in MAWG are hosted in the Web, for example Youtube, Pandora > and etc. These sites if they implement the MAWG API on their platform, > they will handle the security issue by their own, which is a cross > domain topic in the web development. If Youtbe, Pandora does not > implement MAWG API, but other 3rd party libraries implemented, the 3rd > party developer surely will utilize the host sites' security solution to > implement the API. How do you prevent someone to inject a malicious script within a web page using the set method of the MAWG API? If you rely solely on the host site to setup some security mechanism, then how do you guarantee interoperability between sites? At minimal, it seems to me that existing technologies addressing this kind of issue should be mentioned. Best. Raphaël -- Raphaël Troncy EURECOM, Multimedia Communications Department 2229, route des Crêtes, 06560 Sophia Antipolis, France. e-mail: raphael.troncy@eurecom.fr & raphael.troncy@gmail.com Tel: +33 (0)4 - 9300 8242 Fax: +33 (0)4 - 9000 8200 Web: http://www.eurecom.fr/~troncy/
Received on Tuesday, 1 December 2009 19:57:37 UTC