ISSUE-230

Clarifications for 7.4.2 (software installation)

State:
CLOSED
Product:
wsc-xit
Raised by:
Thomas Roessler
Opened on:
2009-09-21
Description:
From LC-2257:

7.4.2
What if the installation-related security aspects are controlled by the underlying security policy?
[4], specifically its section 3.2.3 is just FYI.

[4] http://bondi.omtp.org/1.01/security/BONDI_Architecture_and_Security_v1_01.pdf


From LC-2255:

> Web user agents MUST NOT expose programming interfaces which permit installation of software without a user intervention.

What does it mean to install software?

> Web user agents MUST inform the user and request consent when web content attempts to install software outside of the browser environment.

Why can't the user agent simply ignore these attempts?

> Web user agents MAY inform the user when web content attempts to execute software outside of the agent environment.

What is the agent environment? For example, does follow a mailto link
fall under this requirement given that seems to execute the user's
default mail software outside the user agents environment
Related Actions Items:
No related actions
Related emails:
  1. Agenda: WSC WG distributed meeting, Wednesday, 2009-10-07 (from mzurko@us.ibm.com on 2009-10-06)
  2. ISSUE-230: Clarifications for 7.4.2 (software installation) [wsc-xit] (from sysbot+tracker@w3.org on 2009-09-21)

Related notes:

Dealt with in dealing with Last Call comments.

Thomas Roessler, 22 Feb 2010, 19:42:05

Display change log ATOM feed

Mary Ellen Zurko <mzurko@us.ibm.com>, Chair, Thomas Roessler <tlr@w3.org>, Staff Contact
Tracker (configuration for this group), originally developed by Dean Jackson, is developed and maintained by the Systems Team <w3t-sys@w3.org>.
$Id: 230.html,v 1.1 2010/10/11 09:35:14 dom Exp $