- From: David Rogers <david.rogers@omtp.org>
- Date: Wed, 24 Mar 2010 19:10:54 -0000
- To: "Robin Berjon" <robin@berjon.com>, "public-webapps WG" <public-webapps@w3.org>
Hi Robin, I'm not sure how far forward we are with this but looking at the security considerations, it would be useful to have the examples for implementers to understand where we're coming from with the concerns. For your info, this was the original proposal I discussed with Marcin: Security Considerations Widgets could be intentionally designed to visually dupe or confuse the user for social engineering purposes. Some methods that could be used to perform this could be by creating: * widgets that the user cannot see (full-screen invisible widgets in front of other things on the screen, such as a PIN-code entry) * widgets that have a size smaller than the user can reasonably see (e.g. a 1px x 1px widget) * widgets that have no chrome that could masquerade as some other existing object on the screen (for example a lock and key) Implementers of this specification are asked to take these points into account and design appropriate measures to safeguard the user. Thanks, David. -----Original Message----- From: public-webapps-request@w3.org [mailto:public-webapps-request@w3.org] On Behalf Of Robin Berjon Sent: 04 March 2010 13:13 To: public-webapps WG Subject: VMMF - new version Hi all, I just produced an update of VMMF to make it ready for publication: http://dev.w3.org/2006/waf/widgets-vmmf/. Essentially I changed it so that it corresponds to CSS Media Queries. That, plus it being a UI oriented specification, means that there's only one normative assertion and it's a SHOULD. Comments welcome, I think that this baby can ship. -- Robin Berjon - http://berjon.com/
Received on Wednesday, 24 March 2010 19:11:34 UTC