RE: ISSUE-133 -- How do our definition of Web Page and the Robustness section interact?

Here's my crack at it. Sorry it's so late; my hotel's network was down 
last night. I propose adding a paragraph to the end of 4.1, which I 
present in its entirety, as the first two paragraphs substantially 
motivated discussion on this. The idea is to explicitly address what we 
expect extensions to do, with some tips on specific areas of interest.

When this specification speaks of a "Web user agent" to describe the 
application through which a user interacts with the Web, then this term is 
used on a conceptual level: No assumption is made about implementation 
details; the "Web user agent" may denote a combination of several 
applications, extensions to such applications, operating system features, 
and assistive technologies.

This specification makes no specific assumption about the content with 
which the user interacts, except for one: There is a top-level Web page 
that is identified by a URI [RFC3986]. This Web page might be an HTML 
frameset, an application running on top of a proprietary run-time 
environment, or a document in a format interpreted by plug-ins or external 
systems served as part of a Web interaction. The page's behavior might be 
determined by scripting, stylesheets, and other mechanisms.

A common web user agent is a web browser with some number of plug-ins, 
extensions, or call outs to external systems which render particular 
document formats. Changes to the web user agent, such as the addition or 
removal of these applications or features, can render a web user agent 
non-conformant. User agent extensions which call TLS or present TLS-secured 
content will need to conform to [ref Applying TLS to the Web], or ensure 
they defer handling of those requirements to some other portion of the 
user agent. User agent extensions will need to neither obscure nor degrade 
the rendering of [ref identity signal and trust anchor signalling], [ref 
additional security context information], the [ref TLS Indicator], and 
[ref Error Handling and Signaling]. In addition, extensions will need to 
conform to [ref Error Handling and Signaling] for all security-related 
errors they handle. Extensions will need to conform to the [ref Robustness] 
recommendations, with particular attention to [ref 7.1.2 keeping security 
chrome visible], [ref 7.3 handling of pop ups], and [ref 7.4 APIs exposed 
to web content]. It is expected that extensions will either trivially 
support this recommendation (by neither participating in nor interfering 
with the topics covered), or will test their conformance in a 
configuration with a conforming user agent, and document the requirements 
they participate in. 

Received on Wednesday, 14 May 2008 04:28:34 UTC