- From: Mary Ellen Zurko <Mary_Ellen_Zurko@notesdev.ibm.com>
- Date: Wed, 14 May 2008 00:21:04 -0400
- To: steele@adobe.com
- Cc: public-wsc-wg@w3.org
- Message-ID: <OFE74C88F5.64E1DA18-ON85257449.00166110-85257449.0017E5E9@LocalDomain>
Here's my crack at it. Sorry it's so late; my hotel's network was down last night. I propose adding a paragraph to the end of 4.1, which I present in its entirety, as the first two paragraphs substantially motivated discussion on this. The idea is to explicitly address what we expect extensions to do, with some tips on specific areas of interest. http://www.w3.org/2006/WSC/drafts/rec/rewrite.html#interaction-overview When this specification speaks of a "Web user agent" to describe the application through which a user interacts with the Web, then this term is used on a conceptual level: No assumption is made about implementation details; the "Web user agent" may denote a combination of several applications, extensions to such applications, operating system features, and assistive technologies. This specification makes no specific assumption about the content with which the user interacts, except for one: There is a top-level Web page that is identified by a URI [RFC3986]. This Web page might be an HTML frameset, an application running on top of a proprietary run-time environment, or a document in a format interpreted by plug-ins or external systems served as part of a Web interaction. The page's behavior might be determined by scripting, stylesheets, and other mechanisms. A common web user agent is a web browser with some number of plug-ins, extensions, or call outs to external systems which render particular document formats. Changes to the web user agent, such as the addition or removal of these applications or features, can render a web user agent non conformant. User agent extensions which call TLS or present TLS secured content will need to conform to [ref Applying TLS to the Web], or ensure they defer handling of those requirements to some other portion of the user agent. User agent extensions will need to neither obscure nor degrade the rendering of [ref identity signal and trust anchor signalling], [ref additional security context information], the [ref TLS Indicator], and [ref Error Handling and Signaling]. In addition, extensions will need to conform to [ref Error Handling and Signaling] for all security related errors it handles. Extensions will need to conform to the [ref Robustness] recommendations, with particular attention to [ref 7.1.2 keeping security chrome visible], [ref 7.3 handling of pop ups], and [ref 7.4 APIs exposed to web content]. It is expected that extensions will either trivially support this recommendation (by neither participating in nor interfering with the topics covered), or will test their conformance in a configuration with a conforming user agent, and document the requirements they participate in.
Received on Wednesday, 14 May 2008 04:28:34 UTC