[whatwg] Content Restrictions

Ian Hickson wrote:
> My first impression is that it is far too complex and over-engineered.

OK... What do you think the requirements are for a solution to this
problem? I tried to make my types of restrictions match up with common
use cases, but I may well have picked the wrong ones.

> The problem with security is that people don't understand the issues. We 
> don't want to give authors too fine-grained control, because most authors 
> will get it wrong, but be lulled into a false sense of security because 
> they are "using Content Restrictions".

OK; but if your control is too coarse-grained, then people who want to
permit just a little bit of scripting are forced to not have any
restrictions at all.

> Still, I'm glad someone is looking at this stuff. It's important. You may 
> be interested (once the archives are back up, or using the other archive 
> site) in looking at the recent discussion on sandboxing in HTML5.

I found a four-message thread:
http://lists.whatwg.org/htdig.cgi/whatwg-whatwg.org/2005-December/005294.html
The ideas proposed there are interesting but have the problem I outlined
in my original message of being capabilities rather than restrictions.

Has there been any more discussion you know of?

Gerv

Received on Monday, 30 January 2006 04:49:29 UTC