Re: Simple approach for <access>

Hi Scott,

On Apr 16, 2009, at 18:18 , Scott Wilson wrote:
> So far we haven't come across a widget thats needed more than - at  
> most - access to a few services, all coded as a single URL or single  
> domain.  The only exception to the rule are RSS widgets, but these  
> are right at the other end of the spectrum, and would need <access  
> href="*"/>.

In the current version that's being put into CVS right now the above  
wildcard would have to be done as:

   <access uri="http://*"/>

or, possibly:

   <access uri="http://*"/>
   <access uri="https://*"/>

The reason for this is that just putting a * means that if the  
implementation supports other protocols (e.g. ftp, but it could really  
be anything else) you're really asking for it to be open for anything.  
This might not be portable (it'll depend on which protocols the  
platform supports) and it might break all of a sudden (say the  
platform suddenly adds support for IRC, or file:, but security  
restrictions say that's forbidden for this widget). I think it's a  
small cost to pay for the benefits.

> I think the wording here is perhaps phrased in an 'inverted' way:  
> <access> provides hints to the UA that it should permit access to  
> the specified resource, its not about restricting restrict access to  
> unspecified resources, which would seem to me to be entirely a  
> question for the implementation.

Yeah, the wording was the opposite of what I meant :) Fixed now.

-- 
Robin Berjon - http://berjon.com/
     Feel like hiring me? Go to http://robineko.com/

Received on Sunday, 19 April 2009 14:15:56 UTC