- From: Marcin Hanclik <Marcin.Hanclik@access-company.com>
- Date: Wed, 7 Oct 2009 13:04:55 +0200
- To: Stephen Jolly <stephen.jolly@rd.bbc.co.uk>, public-webapps WG <public-webapps@w3.org>
- CC: Phil Archer <phila@w3.org>, Scott Wilson <scott.bradley.wilson@gmail.com>, Dominique Hazael-Massieux <dom@w3.org>
Hi Stephen, I share your opinion that local network. I posted comments on more extensibility [1] in WARP. I think your use case with private / local networks adds a lot to the target goal for WARP. There is definitely a gap between what can become a standard and what remains at the vendors' discretion. It is intentionally there to allow for differentiation. However, the standard should not harm the introduction of extensions and, IMHO, the current WARP text would make e.g. the aspects of private network somehow incompatible. I.e. @subdomains attribute makes no sense, the @uri attribute is based on prefix and does not accommodate the IP address range or pattern at all. Thus for the local network case the implementers would simply not use WARP as is. E.g. <access> element would be used, but @uri (being mandatory in WARP, [2]) would be replaced with something else. Therefore I think that WARP could be redesigned to e.g. be only a generic <access> element without attributes (those would be added by the vendors/communities etc.) or move to <feature> etc. Thanks, Marcin [1] http://lists.w3.org/Archives/Public/public-webapps/2009JulSep/0844.html [2] http://www.w3.org/TR/2009/WD-widgets-access-20090804/#uri Marcin Hanclik ACCESS Systems Germany GmbH Tel: +49-208-8290-6452 | Fax: +49-208-8290-6465 Mobile: +49-163-8290-646 E-Mail: marcin.hanclik@access-company.com -----Original Message----- From: Stephen Jolly [mailto:stephen.jolly@rd.bbc.co.uk] Sent: Wednesday, October 07, 2009 12:52 PM To: public-webapps WG Cc: Phil Archer; Scott Wilson; Dominique Hazael-Massieux; Marcin Hanclik Subject: Re: [WARP] "uri" attribute is confusing Phil Archer wrote: > The problem is finding the right amount of flexibility without making it > too complicated or opening unwanted security holes. ... > It depends on your use cases of course. I guess the reason I've joined this discussion is that I'm concerned that most of the schemes out there (including the one proposed for WARP) don't allow the local network to be defined as a security domain, which precludes use cases I care about. The Opera widget security model has the concept of "private" addresses (the RFC 1918 and 3927 ranges) - I presume that this group made the conscious decision not to include this concept in the WARP model? Personally, I'm not sure even the Opera model[1] (which talks about these "private" addresses in the context of intranets) is as flexible as one might like: you could make a good case that 127.0.0.0/8 and the UA device's own IP address(es) masked by the appropriate subnet masks should be added to that list. It does all come down to the use cases though, and I guess my fundamental question is still whether or not widget access to resources on the local network is seen as important by this group. Answers welcome. :-) S [1] http://dev.opera.com/articles/view/opera-widgets-security-model/ ________________________________________ Access Systems Germany GmbH Essener Strasse 5 | D-46047 Oberhausen HRB 13548 Amtsgericht Duisburg Geschaeftsfuehrer: Michel Piquemal, Tomonori Watanabe, Yusuke Kanda www.access-company.com CONFIDENTIALITY NOTICE This e-mail and any attachments hereto may contain information that is privileged or confidential, and is intended for use only by the individual or entity to which it is addressed. Any disclosure, copying or distribution of the information by anyone else is strictly prohibited. If you have received this document in error, please notify us promptly by responding to this e-mail. Thank you.
Received on Wednesday, 7 October 2009 11:05:41 UTC