W3C home > Mailing lists > Public > public-webapps@w3.org > April to June 2009

Re: [widgets] Access Requests Use Case: Restricted access to remote web services using white/black lists

From: Marcos Caceres <marcosc@opera.com>
Date: Mon, 8 Jun 2009 20:34:09 +0200
Message-ID: <b21a10670906081134o154ace2av77d9e836f2ac6fad@mail.gmail.com>
To: Scott Wilson <scott.bradley.wilson@gmail.com>
Cc: public-webapps WG <public-webapps@w3.org>
2009/5/22 Scott Wilson <scott.bradley.wilson@gmail.com>:
> RXX: Restricted access to remote web services using white/black lists
> Motivation: Security, Current development practice or industry best-practice, Interoperability
> Rationale:
> A Widget may need to make use of external web services in order to function, for example using AJAX to obtain information.
> A User Agent may wish to restrict access to external web services from Widgets based on white lists or black lists, for example using a proxy server or firewall.
> This raises the possibility for users installing Widgets that are unable to function due to access restrictions on remote web services.
> By providing a mechanism for declaring a Widget's access requirements, the usability and interoperability of Widgets can be improved.
> For example, when a user attempts to install a Widget in a User Agent, and the Widget Configuration Document declares that it requires access to currently blocked services in order to function, the User Agent may prompt the user to choose to:
> (1) enable access to the service (for example, adding the service to a proxy server or firewall white list),
> (2) cancel installing the Widget, or
> (3) proceed with installation, with the user now aware that there may be problems with the Widget due to restricted access to services.

The above sounds good in essence, but sounds a bit prescriptive. We
need to rework this a bit if we want to include it in the
requirements.  I think we should discuss this during the F2F.

Marcos Caceres
Received on Monday, 8 June 2009 18:34:48 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:12:54 UTC