W3C home > Mailing lists > Public > public-webapps@w3.org > April to June 2009

Re: [widgets] Public keys in widgets URI scheme?

From: Thomas Roessler <tlr@w3.org>
Date: Wed, 27 May 2009 20:24:45 +0200
To: Adam Barth <w3c@adambarth.com>
Message-Id: <FB01E49C-FC7C-4D62-A07A-F541C82F6C1E@w3.org>
Cc: Henri Sivonen <hsivonen@iki.fi>, public-webapps <public-webapps@w3.org>
I suspect that that's a discrepancy between what the spec says, and  
what it's meant to say.

However, there is indeed a choice to be made between having a single  
"origin" for all widgets signed with the same key (with corresponding  
mutual access rights), having a boundary between different widgets  
signed with the same key, and having a boundary between widget  

While I really like the "public-key-as-origin" idea, I wonder whether  
the most conservative path for the current round of widget  
specifications isn't to just stick to the random per-instance (!)  
origin, and relax later.

Thomas Roessler, W3C  <tlr@w3.org>

On 27 May 2009, at 18:23, Adam Barth wrote:

> On Wed, May 27, 2009 at 9:05 AM, Henri Sivonen <hsivonen@iki.fi>  
> wrote:
>> On May 27, 2009, at 18:32, Adam Barth wrote:
>>> 3) A developer can write two widgets that occupy the same origin
>>> (again, but re-using the public key).  These widgets will be able to
>>> interact more freely, for example by sharing the same localStorage,
>>> etc.
>> I though the point of the UUID was to isolate even different  
>> instances of
>> the same widget.
> The spec says the UUID is picked at install-time, so two instances of
> the widget will get the same UUID.
> Adam
Received on Wednesday, 27 May 2009 18:24:51 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:12:53 UTC