RE: [widgets] Widgets URI scheme... it's baaaack!

What makes a set of widgets "related"? Is there an attack where
based on UUID knowledge where two unrelated widgets could somehow
appear "related"?

What "existing infrastructure for security" are you planning
to reuse? 

Often, security loopholes are introduced when reusing
security infrastructure designed for one context in 
a way that it wasn't designed for.

"thismessage:/" basically didn't allow references outside
the package at all. By adding a UUID and alluding to
"related" packages as possibly being available, "widget"
might become a vector.

I'm not saying it is, I'm just saying that getting external
review for security mechanisms and assumptions is critical.

Larry
--
http://larry.masinter.net



-----Original Message-----
From: Arve Bersvendsen [mailto:arveb@opera.com] 
Sent: Friday, May 22, 2009 9:55 AM
To: Larry Masinter; marcosc@opera.com; public-pkg-uri-scheme; public-webapps
Subject: Re: [widgets] Widgets URI scheme... it's baaaack!

On Fri, 22 May 2009 17:29:57 +0200, Larry Masinter <masinter@adobe.com>  
wrote:

> If the widget: scheme is intended for inter-package references
> then there are security issues with that. If not, then why the UUID?

At the time of writing, I do not see them being used for inter-package  
references (If my understanding equals yours here, as in "references  
between otherwise unrelated widgets".

The UUID? Well, it actually eases implementations a bit, since an  
implementation can use the UUID as "domain" when requests are made, which  
actually allows vendors to reuse existing infrastructure for security  
checks and so on.
-- 
Arve Bersvendsen

Opera Software ASA, http://www.opera.com/

Received on Friday, 22 May 2009 17:14:28 UTC