- From: Scott Wilson <scott.bradley.wilson@gmail.com>
- Date: Fri, 22 May 2009 12:04:29 +0100
- To: public-webapps WG <public-webapps@w3.org>
RXX: Restricted access to remote web services using white/black lists Motivation: Security, Current development practice or industry best- practice, Interoperability Rationale: A Widget may need to make use of external web services in order to function, for example using AJAX to obtain information. A User Agent may wish to restrict access to external web services from Widgets based on white lists or black lists, for example using a proxy server or firewall. This raises the possibility for users installing Widgets that are unable to function due to access restrictions on remote web services. By providing a mechanism for declaring a Widget's access requirements, the usability and interoperability of Widgets can be improved. For example, when a user attempts to install a Widget in a User Agent, and the Widget Configuration Document declares that it requires access to currently blocked services in order to function, the User Agent may prompt the user to choose to: (1) enable access to the service (for example, adding the service to a proxy server or firewall white list), (2) cancel installing the Widget, or (3) proceed with installation, with the user now aware that there may be problems with the Widget due to restricted access to services.
Received on Friday, 22 May 2009 11:05:13 UTC