- From: Adam Barth <w3c@adambarth.com>
- Date: Wed, 27 May 2009 08:32:14 -0700
- To: public-webapps <public-webapps@w3.org>
I haven't read all the threads about the widget URI scheme, but I wanted to contribute this thought: Instead of using a UUID as the authority, you might consider using a public key. You could then require that the widget is signed by the cooresponding private key. Using a public key has several advantages: 1) The widget URI scheme is now actually capable of designating identifying resources (because the UUID isn't generated separately for each device). 2) A developer can provide an updated version of the widget with the same origin as the original widget (by using the same public key). This lets the developer update the widget without losing access to the widget's localStorage, etc. 3) A developer can write two widgets that occupy the same origin (again, but re-using the public key). These widgets will be able to interact more freely, for example by sharing the same localStorage, etc. 4) When one widget uses postMessage to communicate with another widget, the second widget actually gets some meaningful information about where the message came from (e.g., it can have a whitelist of approved public keys). etc Adam
Received on Wednesday, 27 May 2009 15:33:10 UTC