Re: [widgets] Widgets URI scheme... it's baaaack!

Hi Mark,

On May 22, 2009, at 15:25 , Mark Baker wrote:
> I'm curious to learn where the requirement that "Must not allow
> addressing resources outside a widget" came from?  Can you point to a
> precedent for such a restriction in any other protocol?  I remember
> TimBL writing something to the effect of "Anywhere you can use a URI,
> you can use any URI", possibly in his design issues, but I can't find
> a reference right now.

The idea is that as currently defined, the URI scheme can only point  
to resources contained inside the widget. Wherever you use a widget:  
URI, you can also use other URI schemes such as http: or file: (i.e.  
there's no restriction on the content) but depending on your security  
settings it might not be retrieved and if executed it probably won't  
have access to the same APIs. The widget: URI comes with a guarantee  
that you're pointing inside the widget, which is a nice, clean,  
sandboxed world (which incidentally might also be signed).

> I also don't understand what that bit about "run on the web" means  
> in the intro.

Yeah, neither do I. I've tried to make the abstract clearer.


Robin Berjon -

Received on Wednesday, 2 September 2009 14:18:19 UTC