- From: <mzurko@us.ibm.com>
- Date: Fri, 23 Oct 2009 20:33:45 +0000
- To: Marcin Hanclik <Marcin.Hanclik@access-company.com>
- Cc: public-usable-authentication@w3.org
Dear Marcin Hanclik , The Web Security Context Working Group has reviewed the comments you sent [1] on the Last Call Working Draft [2] of the Web Security Context: User Interface Guidelines published on 26 Feb 2009. Thank you for having taken the time to review the document and to send us comments! The Working Group's response to your comment is included below. Please review it carefully and let us know by email at public-usable-authentication@w3.org if you agree with it or not before 30 October 2009. In case of disagreement, you are requested to provide a specific solution for or a path to a consensus with the Working Group. If such a consensus cannot be achieved, you will be given the opportunity to raise a formal objection which will then be reviewed by the Director during the transition of this document to the next stage in the W3C Recommendation Track. Thanks, For the Web Security Context Working Group, Thomas Roessler W3C Staff Contact 1. http://www.w3.org/mid/FAA1D89C5BAF1142A74AF116630A9F2C2890BCA50A@OBEEX01.obe.access-company.com 2. http://www.w3.org/TR/2009/WD-wsc-ui-20090226/ ===== Your comment on : > The term "chrome" seems undefined, in the document it seems to be > implicitly equivalent to the user interface. > FYI: The View Modes specification [1] (currently approaching FPWD) > tries to define what chrome is, mentions scrollbars etc. > > 4.2.1 > The term "widget" is used. In order not to confuse a potential reader > (aka W3C Widgets), I suggest to change "widget" to "control" or "UI > component". > > 7.2 > Could the document mention the Widget User Agent as well? > [2] defines the "mini" mode that is without chrome. > > 6.3 > Widgets related: > [3] could be used to define some indicator specifying who/how the > widget was signed. > > 7.4.2 > What if the installation-related security aspects are controlled by the > underlying security policy? > [4], specifically its section 3.2.3 is just FYI. > > 7.4.1 > FYI: > "Web user agents MUST prevent web content from overlaying chrome. User > interactions that are perceived to deal with browser chrome must not be > detectable for Web content." > is important for [5] and [6]. > > [1] > http://dev.w3.org/2006/waf/widgets-vm/vm-mediafeature.src.html#chrome > [2] > http://dev.w3.org/2006/waf/widgets-vm/vm-mediafeature.src.html#mini > [3] http://www.w3.org/TR/widgets-digsig/ > [4] > http://bondi.omtp.org/1.01/security/BONDI_Architecture_and_Security_v1_01.pdf > [5] http://bondi.omtp.org/1.01/apis/ui.html > [6] http://www.w3.org/2009/dap/ > > ________________________________________ > > Access Systems Germany GmbH > Essener Strasse 5 | D-46047 Oberhausen > HRB 13548 Amtsgericht Duisburg > Geschaeftsfuehrer: Michel Piquemal, Tomonori Watanabe, Yusuke Kanda > > www.access-company.com > > CONFIDENTIALITY NOTICE > This e-mail and any attachments hereto may contain information that is > privileged or confidential, and is intended for use only by the > individual or entity to which it is addressed. Any disclosure, copying > or distribution of the information by anyone else is strictly > prohibited. > If you have received this document in error, please notify us promptly > by responding to this e-mail. Thank you. Working Group Resolution (LC-2257): Thank you for your review. "chrome" is primary and secondary UI; we've attempted to make that clearer, by stating that explicitly. "widget" is a term used in user interface terminology, which is why we are using it. Without a specific proposal, we were unsure what to mention about the Widget User Agent. A widget signing indicator is beyond the scope of this version of the spec. But thank you for pointing that out. Thank you for the fyi on BONDI and the pointer to DAP. ----
Received on Friday, 23 October 2009 20:33:50 UTC