RE: [www-html] Frame parent access control proposal (was: [ no su bject at all ]) from Brian Kelly on 2001-05-22 (www-html@w3.org from May 2001)

From: Brian Kelly <lisbk@ukoln.ac.uk>
Date: Tue, 22 May 2001 19:07:49 +0100 (BST)
To: Dave J Woolley <david.woolley@bts.co.uk>
cc: www-html@w3.org
Message-ID: <Pine.SO4.4.05.10105221901340.1565-100000@lamin.ukoln.ac.uk>

On Tue, 22 May 2001, Dave J Woolley wrote:

> > From:	Brian [SMTP:netdemonz@yahoo.com]
> > 
> > I think that security should be included in the DOM and HTML, and it
> > should
> > address especially: cross-domain access of elements in IFrames, among
> > other
> > things.
> > 
> 	[DJW:]  Noting that all forms of frames are discouraged by
> 	HTML 4.0 and XHTML 1.0 and are not allowed at all by ISO HTML
> 	and XHTML 1.1, Iframe, in particular, is a form of link, and
> 	the W3C philosophy appears to be to encourage the web, which means,
> 	essentially, to encourage the use of off site links.
> 
....
> 
> 	As a pure HTML thing, it would seem to be more a copyright/deep
> linking
> 	control feature than straught security.  It doesn't help for
> non-HTML
> 	resources, and it doesn't help in suppressing banner advertising,
> etc.

It does seem to me, though, that it might be useful if W3C Recommendations
flagged any potential legal / copyright issues which implementations of  
the recommendation may encounter.  This was brought home to me at a
SMIL Tutorial at WWW10.  The feature in SMIL to  integrate various
resources, and to, for example, start a video clip at any arbitrary 
point looks like it will provide copyright lawyers with a nice income
stream ("I'll start the Disney video clip after the copyright statement 
has finished, and I'll add my own logo at the top of the window").

Brian

------------------------------------------------------
Brian Kelly, UK Web Focus
UKOLN, University of Bath, BATH, England, BA2 7AY
Email:  b.kelly@ukoln.ac.uk     URL:    http://www.ukoln.ac.uk/
Homepage: http://www.ukoln.ac.uk/ukoln/staff/b.kelly.html
Phone:  01225 323943            FAX:   01225 826838


> > Also, Windows should be included in the DOM.
> > 
> 	[DJW:]  I believe the position is that Windows are part of the
> browser,
> 	not the document (author controlled multiple windows are again
> discouraged/
> 	impossible under the same conditions as frames).  However, it does
> seem that
> 	some standardisation is needed here, given their extensive use in
> wild,
> 	so maybe W3C needs to create a graphical browser object model (or a
> suite
> 	of browser object models).  However, this is the wrong list to
> discuss object
> 	models. 
> [DJW:]  
> ++The feature proposed is a new element that specifies realms permitted to
> link to an HTML resource in a frame context, or permitted to link and be
> treated
> as equivalent for DOM security models.
> 
> -- 
> --------------------------- DISCLAIMER ---------------------------------
> Any views expressed in this message are those of the individual sender,
> except where the sender specifically states them to be the views of BTS.
> 
> 
> >  
> 
>

Received on Tuesday, 22 May 2001 14:07:57 UTC