RE: Passing "origin" with intents from Josh Soref on 2012-08-29 (public-web-intents@w3.org from August 2012)

From: Josh Soref <jsoref@rim.com>
Date: Wed, 29 Aug 2012 17:16:33 +0000
To: WebIntents <public-web-intents@w3.org>
Message-ID: <957F1ECDA90E004B8DBDE23CFC94E3A33A52AA91@XMB103ECNC.rim.net>

Conrad wrote:
> A couple of other use-cases for including the origin could be:
> * Content-filtering: If I am running an image sharing web-intent, I
> might want to block content from http://*.xxx.

I don't think this as described is a valid use case. If you want to block content, you'll need to block the content anyway. Just discriminating against its origin won't do the right thing. It'll be a case of whack-a-mole.

> * UI enhancement: If I am running an editing web-intent, it would be
> nice to be able to tell the user "return to <origin>"

This is flawed. The UX we're designing handles this automatically. You're in a tab/subframe, the user closes you and is automatically returned.

> * Authentication: If I am running an authentication web-intent, it's
> essential to know which website is asking for the user's identity (I
> don't want to give it to a malicious 3rd-party by accident).

I think this is also flawed. If you're an identity provider, then it's your job to do what your client, which is the user, asks you to do, not to do what you think is right. If I, the user, ask you to identify me to Cops in Cuba or Iran, and you feel opposed to that, tough, the fact that you're an American organization doesn't magically entitle you to refuse partial service to me (I'm picking on the hypothetical American, I'm an American too). 

There's nothing *accidental* about the user selecting your provider. The user is consciously choosing you, if the UA fails to get this part right, then WebIntents have totally failed (in that UA) -- and that needs to be fixed.

---------------------------------------------------------------------
This transmission (including any attachments) may contain confidential information, privileged material (including material protected by the solicitor-client or other applicable privileges), or constitute non-public information. Any use of this information by anyone other than the intended recipient is prohibited. If you have received this transmission in error, please immediately reply to the sender and delete this information from your system. Use, dissemination, distribution, or reproduction of this transmission by unintended recipients is not authorized and may be unlawful.

Received on Wednesday, 29 August 2012 17:17:10 UTC