- From: Hillebrand, Rainer <Rainer.Hillebrand@t-mobile.net>
- Date: Mon, 16 Mar 2009 15:39:48 +0100
- To: <marcosc@opera.com>
- Cc: "public-webapps" <public-webapps@w3.org>
Ok! ************************************* T-Mobile International Terminal Technology Rainer Hillebrand Head of Terminal Security Landgrabenweg 151, D-53227 Bonn Germany +49 171 5211056 (My T-Mobile) +49 228 936 13916 (Tel.) +49 228 936 18406 (Fax) E-Mail: rainer.hillebrand@t-mobile.net http://www.t-mobile.net This e-mail and any attachment are confidential and may be privileged. If you are not the intended recipient, notify the sender immediately, destroy all copies from your system and do not disclose or use the information for any purpose. Diese E-Mail inklusive aller Anhänge ist vertraulich und könnte bevorrechtigtem Schutz unterliegen. Wenn Sie nicht der beabsichtigte Adressat sind, informieren Sie bitte den Absender unverzüglich, löschen Sie alle Kopien von Ihrem System und veröffentlichen Sie oder nutzen Sie die Information keinesfalls, gleich zu welchem Zweck. T-Mobile International AG Aufsichtsrat/ Supervisory Board: René Obermann (Vorsitzender/ Chairman) Vorstand/ Board of Management: Hamid Akhavan (Vorsitzender/ Chairman), Michael Günther, Lothar A. Harings, Katharina Hollender Handelsregister/Commercial Register Entry: Amtsgericht Bonn, HRB 12276 Steuer-Nr./Tax No.: 205 / 5777/ 0518 USt.-ID./VAT Reg.No.: DE189669124 Sitz der Gesellschaft/ Corporate Headquarters: Bonn -----Original Message----- From: marcosscaceres@gmail.com [mailto:marcosscaceres@gmail.com] On Behalf Of Marcos Caceres Sent: Montag, 16. März 2009 15:34 To: Hillebrand, Rainer Cc: Arthur Barstow; public-webapps Subject: Re: [widgets] Minutes from 12 March 2009 Voice Conference On Mon, Mar 16, 2009 at 3:06 PM, Hillebrand, Rainer <Rainer.Hillebrand@t-mobile.net> wrote: > Dear Art, > > Regarding "P&C spec - Mandatory config file", I would like to give more information about my concerns. > > According to the current "W3C Working Draft 9 March 2009", the config.xml file has a single mandatory element. This is the <widget> element. All its expected children elements and attributes are optional. Therefore I have got the impression that the config.xml file does not add any security. However, it will help to identify a zip archive as a widget if the media type and/or file extension are missing. > > To be clear, I do not have any objections against the config.xml file in general. I only have concerns regarding its potential to improve security. > Ok, forget the security aspects. Lets just say it identifies a widget as being a widget in the absence of a media type. -- Marcos Caceres http://datadriven.com.au
Received on Monday, 16 March 2009 14:45:13 UTC