RE: Opera's three security levels from Hallam-Baker, Phillip on 2006-11-27 (public-wsc-wg@w3.org from November 2006)

From: Hallam-Baker, Phillip <pbaker@verisign.com>
Date: Mon, 27 Nov 2006 13:57:29 -0800
To: "Mike Beltzner" <beltzner@mozilla.com>
Cc: "Amir Herzberg" <herzbea@macs.biu.ac.il>, "Michael\(tm\) Smith" <mikes@opera.com>, <public-wsc-wg@w3.org>
Message-ID: <198A730C2044DE4A96749D13E167AD37E7E7E9@MOU1WNEXMB04.vcorp.ad.vrsn.com>

 

> From: Mike Beltzner [mailto:beltzner@mozilla.com] 

> On 27-Nov-06, at 4:30 PM, Hallam-Baker, Phillip wrote:
> 
> > There is no reason why we can't have a more comprehensive intra- 
> > platform communication mechanism that preserves as much 
> context as we 
> > might want.
> 
> I don't think this is a wacky idea at all, Phillip, or at 
> least, I've had the same wacky idea, so I'd like to not think 
> of it as wacky :)

The idea may or not be good.

What might be 'whacky' would be adding this to the WSC to do list.


> This would be a fantastic development, and one that I think 
> is going to be needed as applications become more and more 
> interoperative.  
> Right now sending a URL to the default browser is a really "dumb"  
> operation, and additional metadata would be useful for a wide 
> range of use cases and applications.
> 
> The great thing is that we can prototype this sort of 
> behaviour immediately by creating an extension that attaches 
> the metadata to links from web-based email sites.

And blogs, don't forget blogs.

In particular I would like to have some sort of indicator that I could add to a DIV tag.

<HTML>
<HEAD/>
<BODY>
<H1>Phill's bloggy blog</H1>
<p>This part is from Phill so you trust it - right</p>
<h2>Comments</h2>

<div sourced="external">
<p>Bolivia is the capital of Peru</p>
</div>

</BODY>
</HTML>

The same tag would be used in WebMail interfaces to mark out content that is not vouched for by the provider.

Of course Amir will now point out that a better construct would be:

<div>
<StartExternal code="AHAW4i34ewr98234h89r3=="/>
<p>Bolivia is the capital of Peru</p>
<EndExternal code="AHAW4i34ewr98234h89r3=="/>
</div>

The same tags could be used to control so called cross site scripting.


> > The point here is that we can do this without waiting for a 
> platform 
> > release of Windows. The browser and the email client can both adopt 
> > this unilaterally and we can progress to the desired 
> endstate without 
> > ever arriving at an undesirable state.
> 
> Good point.
> 
> This excites me. I truly believe that the solution is getting 
> richer metadata from the system to protect users, and then 
> hiding all signals and ratings of safety and surfacing 
> warnings only when we know the user is at risk.

We are focused on the browser at this point.

But we should take notice of the fact that we can extend our model to inter-process communication.

Received on Monday, 27 November 2006 21:58:12 UTC