RE: [Widgets] Security Considerations

Hi Marcos,

I think the section below is ok.
FWIW:
1. As in [1] we could add more detailed statements about HTML tags.
2. Also together with the term "security" we could add "privacy".
So e.g. we may have another paragraph like this (the below text may need more details):

"Widget packages may contain content that is able to interact both with the remote host and local device.
Therefore, implementers need to take into account the privacy-related implications resulting from the potential exposure of private information to the remote host given the relevant programming interface / model is defined."

3. [2] has a more thorough list of considerations that seem to be related to widgets, but more in the context of DAP. Anyway some of them could be reflected in the registration of application/widget.

[1] http://tools.ietf.org/html/rfc4287#section-8

[2] http://dev.w3.org/geo/api/spec-source.html#security



Marcin Hanclik
ACCESS Systems Germany GmbH
Tel: +49-208-8290-6452  |  Fax: +49-208-8290-6465
Mobile: +49-163-8290-646
E-Mail: marcin.hanclik@access-company.com

-----Original Message-----
From: public-webapps-request@w3.org [mailto:public-webapps-request@w3.org] On Behalf Of Marcos Caceres
Sent: Monday, October 26, 2009 6:46 PM
To: public-webapps; Thomas Roessler
Subject: [Widgets] Security Considerations

In order to register application/widgets as an official MIME type with
IANA, we need to have a section in the spec that outlines the security
considerations. I've made a first stab at this section (below)... but
I'm no security peep, so I would appreciate some input from those that
know better...

[[
Security considerations

This section is non-normative.

In addition to the security considerations specified for Zip files in
the [Zip-MIME] registration, there are a number of security
considerations that need to be taken into account when dealing with
widget packages and configuration documents.

As the configuration document format is [XML] and [Unicode], the
security considerations described in [XML-MIME] and [UTR36] apply.

The configuration document allows authors, through the feature
element, to request permission to enable third-party runtime
components and APIs. As these features are outside the scope of this
specification, significant caution needs to be taken when granting a
widget the capability to use a feature. Features themselves define
their own security considerations.

Widget packages will generally contain ECMAscript, HTML, CSS files,
and other media, which are executed in a sand boxed environment. As
such, implementers need to be aware of the security implications for
the types they support. Specifically, implementers need to consider
the security implications outlined in the [CSS-MIME] specification,
the [ECMAScript-MIME], and the [HTML-MIME] specification.

As this specification relies on the standardized heuristics for
determining the content type of files defined in the SNIFF
specification, implementers need to consider the security
considerations discussed in the [SNIFF] specification.

As this specification allows for the declaration of IRIs within
certain elements of a configuration documents, implementers need to
consider the security considerations discussed in the [IRI]
specification.

]]

--
Marcos Caceres
http://datadriven.com.au



________________________________________

Access Systems Germany GmbH
Essener Strasse 5  |  D-46047 Oberhausen
HRB 13548 Amtsgericht Duisburg
Geschaeftsfuehrer: Michel Piquemal, Tomonori Watanabe, Yusuke Kanda

www.access-company.com

CONFIDENTIALITY NOTICE
This e-mail and any attachments hereto may contain information that is privileged or confidential, and is intended for use only by the
individual or entity to which it is addressed. Any disclosure, copying or distribution of the information by anyone else is strictly prohibited.
If you have received this document in error, please notify us promptly by responding to this e-mail. Thank you.

Received on Tuesday, 27 October 2009 15:39:18 UTC