- From: Mark Birbeck <mark.birbeck@x-port.net>
- Date: Wed, 25 Aug 2004 18:26:28 +0100
- To: <www-forms@w3.org>
Aaron, We obviously have very different concepts of what web services are! I would have thought that just about all web services that you refer to would be in "domains different to the one where the page was downloaded". As it happens, that's what makes it so exciting - in one form we can search both Google and Amazon for the same word; in one form we can find a zip code from an address, and then use that zip code to find weather and traffic reports; in one form I can monitory umpteen news feeds or RSS logs, or even manage my Atom-powered blog (coming soon ;)). In other words, far from causing a problem, XForms makes these new-fangled web services accessible. Let's face it, despite being around for years web services are pretty much unusable by anyone outside of a corporate IT department. Regards, Mark Mark Birbeck CEO x-port.net Ltd. e: Mark.Birbeck@x-port.net t: +44 (0) 20 7689 9232 w: http://www.formsPlayer.com/ Download our XForms processor from http://www.formsPlayer.com/ > -----Original Message----- > From: www-forms-request@w3.org > [mailto:www-forms-request@w3.org] On Behalf Of Aaron Reed > Sent: 24 August 2004 21:50 > To: www-forms@w3.org > Subject: XForms - Secure or Insecure? > > > > I also have a question about XForms security. For example, > the formsPlayer example at: > http://www.formsplayer.com/community/samples/google-search.html. > > Running this example in a browser should raise eyebrows. > Submitting SOAP to > domains DIFFERENT from the one where the page was downloaded > and REPLACING content in the current page so that the user > doesn't have any kind of cue that something just happened > seems like the kind of power for a form that we don't want to > encourage (in a browser context, at least). Is this > something that is going to be addressed in the 1.1 spec when > the SOAP stuff goes in? > > --Aaron > > >
Received on Wednesday, 25 August 2004 17:26:35 UTC