Hi Art and Marcos,
I didn't see this point discussed in the last widgets meeting minutes.
Do you know if anybody has started work on any security guidelines for
widgets? I noticed that in the "Web Security Context: User Interface
Guidelines", for example this requirement[1] there may be some conflict
with widgets / potential to put requirements there for the item below
and others?
Thanks,
David.
[1] http://www.w3.org/TR/wsc-ui/#keepchromevisible-goodpractice
From: public-webapps-request@w3.org
[mailto:public-webapps-request@w3.org] On Behalf Of David Rogers
Sent: 22 October 2009 11:52
To: public-webapps@w3.org
Cc: Barstow Art (Nokia-CIC/Boston)
Subject: [widgets] viewmodes spec
Hi there,
At the last widgets call I agreed to ask OMTP BONDI members if there was
any feedback on viewmodes. We didn't receive a lot of views but one
thing I raised was that as far as I can tell, there is no text to cover
off invisible widgets or widgets of, for example height and width 1x1.
There may be a valid reason for someone to have an invisible widget but
there are still some abuse scenarios - for example, if someone created a
transparent widget that then maximises in front of your payment
application just as you go to enter your PIN or password it could be a
major issue.
I'm not sure that anyone has started work on any widget security
guidelines?
Thanks,
David.
David Rogers
OMTP Director of External Relations