Issue with semantics of the access element in WARP

Hi there,

Reading through the current WARP draft, I note that the semantics of the 
<access> element appear to preclude an important use case (for us).

At BBC R&D one of the things we're currently working on is the control 
of personal video recorders and TV set-top boxes, from other devices on 
the home network, via web APIs.  We see mobile phones as a key client 
platform for this kind of interface.

There appears to be optimism at present that widgets (and preferably 
standardised widgets!) will provide a relatively low-fragmentation 
development environment for mobile application developers.  Given this, 
we're very keen to push the idea that widget standards should allow for 
access to the home networks to which mobile phones are increasingly 
gaining connectivity via WiFi (and perhaps, in the future, via Femtocells).

The current draft of WARP effectively prevents widgets from connecting 
to devices on home networks, because the semantics of the <access> 
element only allow widgets to request access to URIs with authorities 
that are known to the widget publisher at the time of publication. 
Devices on home networks are generally not referenced by DNS records, 
and have unpredictable IP addresses.

Obviously requesting access to "*" would, if granted by the user agent, 
permit connections of this sort, but my suspicion is that this would be 
an inappropriate mechanism: even if user agent vendors were to permit 
this kind of universal access by widgets (and there isn't a great track 
record for this kind of generosity in the mobile world, at least), 
surely the home network and the set of all possible URI authorities are 
very different domains, security-wise?

I would love to hear opinions on this from the people on this list, most 
of whom have spent much longer thinking about these issues than I have...

S

Received on Thursday, 1 October 2009 16:24:44 UTC