- From: Marcos Caceres <marcosc@opera.com>
- Date: Tue, 27 Oct 2009 18:22:41 +0200
- To: Marcin Hanclik <Marcin.Hanclik@access-company.com>
- Cc: public-webapps <public-webapps@w3.org>, Thomas Roessler <tlr@w3.org>
On Tue, Oct 27, 2009 at 5:38 PM, Marcin Hanclik <Marcin.Hanclik@access-company.com> wrote: > Hi Marcos, > > I think the section below is ok. > FWIW: > 1. As in [1] we could add more detailed statements about HTML tags. I could, but this might be mostly outdated because of HTML5. > 2. Also together with the term "security" we could add "privacy". Added. > So e.g. we may have another paragraph like this (the below text may need more details): > > "Widget packages may contain content that is able to interact both with the remote host and local device. > Therefore, implementers need to take into account the privacy-related implications resulting from the potential exposure of private information to the remote host given the relevant programming interface / model is defined." > I tried to shorten it and included it... details below... > 3. [2] has a more thorough list of considerations that seem to be related to widgets, but more in the context of DAP. Anyway some of them could be reflected in the registration of application/widget. > > [1] http://tools.ietf.org/html/rfc4287#section-8 > [2] http://dev.w3.org/geo/api/spec-source.html#security > Ok, I took from [2] and got: "As widget packages can contain content that is able to simultaneously interact with the local device and a remote host, implementers need to consider the privacy implications resulting from exposing private information to a remote host. Mitigation and in-depth defensive measures are an implementation responsibility and not prescribed by this specification. However, in designing these measures, implementers are advised to enable user awareness of information sharing, and to provide easy access to interfaces that enable revocation of permissions. " -- Marcos Caceres http://datadriven.com.au
Received on Tuesday, 27 October 2009 16:23:36 UTC