- From: Marcos Caceres <marcosc@opera.com>
- Date: Mon, 8 Jun 2009 20:34:09 +0200
- To: Scott Wilson <scott.bradley.wilson@gmail.com>
- Cc: public-webapps WG <public-webapps@w3.org>
2009/5/22 Scott Wilson <scott.bradley.wilson@gmail.com>:
> RXX: Restricted access to remote web services using white/black lists
>
> Motivation: Security, Current development practice or industry best-practice, Interoperability
>
> Rationale:
>
> A Widget may need to make use of external web services in order to function, for example using AJAX to obtain information.
>
> A User Agent may wish to restrict access to external web services from Widgets based on white lists or black lists, for example using a proxy server or firewall.
>
> This raises the possibility for users installing Widgets that are unable to function due to access restrictions on remote web services.
>
> By providing a mechanism for declaring a Widget's access requirements, the usability and interoperability of Widgets can be improved.
>
> For example, when a user attempts to install a Widget in a User Agent, and the Widget Configuration Document declares that it requires access to currently blocked services in order to function, the User Agent may prompt the user to choose to:
>
> (1) enable access to the service (for example, adding the service to a proxy server or firewall white list),
> (2) cancel installing the Widget, or
> (3) proceed with installation, with the user now aware that there may be problems with the Widget due to restricted access to services.
>

The above sounds good in essence, but sounds a bit prescriptive. We need to rework this a bit if we want to include it in the requirements. I think we should discuss this during the F2F.

--
Marcos Caceres
http://datadriven.com.au
Received on Monday, 8 June 2009 18:34:48 UTC