Re: [widgets] Access Requests Use Case: Restricted access to remote web services using white/black lists

2009/5/22 Scott Wilson <scott.bradley.wilson@gmail.com>:
> RXX: Restricted access to remote web services using white/black lists
>
> Motivation: Security, Current development practice or industry best-practice, Interoperability
>
> Rationale:
>
> A Widget may need to make use of external web services in order to function, for example using AJAX to obtain information.
>
> A User Agent may wish to restrict access to external web services from Widgets based on white lists or black lists, for example using a proxy server or firewall.
>
> This raises the possibility for users installing Widgets that are unable to function due to access restrictions on remote web services.
>
> By providing a mechanism for declaring a Widget's access requirements, the usability and interoperability of Widgets can be improved.
>
> For example, when a user attempts to install a Widget in a User Agent, and the Widget Configuration Document declares that it requires access to currently blocked services in order to function, the User Agent may prompt the user to choose to:
>
> (1) enable access to the service (for example, adding the service to a proxy server or firewall white list),
> (2) cancel installing the Widget, or
> (3) proceed with installation, with the user now aware that there may be problems with the Widget due to restricted access to services.
>
>

The above sounds good in essence, but sounds a bit prescriptive. We
need to rework this a bit if we want to include it in the
requirements.  I think we should discuss this during the F2F.


-- 
Marcos Caceres
http://datadriven.com.au

Received on Monday, 8 June 2009 18:34:48 UTC