Edit comment LC-2261 for Web Applications Working Group

Quick access to LC-2258 LC-2259 LC-2260 LC-2261 LC-2262 LC-2263 LC-2264

Comment LC-2261

Comment Shortname:

Commenter: Arthur Barstow <art.barstow@nokia.com>

Message-id:

Section of the document concerned:

[Free text description]Document as a wholeWidgets 1.0: Access Requests Policy /**/ <!--... W3C Working Draft 4 August 2009 Abstract Status of this Document Table of Contents 1 Introduction 1.1 Definitions access request grant access widget execution scopes deny access network resource feature-enabled API widget execution scope web execution scope 1.2 The Widget Family of Specifications Widgets 1.0 family of specifications 1.3 Design Goals and Requirements Security model Restricted access to remote web resources Security Current development practice or industry best- practice Interoperability 2 Policy 3 The access Element Attributes uri URI attribute special value supported subdomains boolean attribute Usage example 4 Processing model access-request list ifragment ipath iuser info iquery in error ignore rule for getting a single attribute value valid URI iuser info in error ignore rule for getting a single attribute value valid boolean value in error ignore ifragment ipath iquery unsupported in error ignore ToASCII Rule for Granting Access to a URI identifiable Resources Acknowledgements Normative References [RFC3987] [URI] [RFC3490] [Widgets-PC] Informative References [Widgets-Reqs] [Widgets-DigSig] [Widgets-Updates] [Widgets-APIs] [HTML5] [HTTP] [HTTPS]
or

Refinement of the section concerned:

Status:

open proposal pending resolved_yes resolved_no resolved_partial other assigned to Nobody

Type: substantive editorial typo question general comment undefined

Comment:

Below are some comments regarding the 4-August-2009 Last Call Working
Draft of the WARP spec:

<http://www.w3.org/TR/2009/WD-widgets-access-20090804/>

-Regards, Art Barstow


1. This spec is missing a statement about which sections are
normative and which are non-normative as well as the RFC2119
boilerplate re keywords

2. Section 1.1 - Network Resource - since this section is presumably
normative, this definition should cite the relevant spec that defines
URI and the authority components

3. Section 1.1 - Web Execution Scope - instead of "have been loaded
off the web", I think the important point (to contrast this
definition with Widget Execution Scope"), would be to say "are
external to the widget package".

4. Section 1.2 - replace the text in this section with a reference to
the Widgets Family of Specs wiki:

<http://www.w3.org/2008/webapps/wiki/WidgetSpecs>

5. Section 1.3 - the "Restricted access to remote web resources"
requirement (including Motivation and Rationale) should be moved to
[Widgets-Reqs] and a pointer to this requirement should be added to
the list of requirements addressed by this spec. BTW, I think the
title of this requirement should use "Restrict" [verb] and not
"Restricted" [adjective]; NB "A UA may wish to Restrict access ...".

6. Section 1.3 - I don't understand the following statement. For
starters, what is "This"?

[[
This raises the possibility for users installing Widgets that are
unable to function due to access restrictions on remote web services.
]]

Given the statement that follows the above ("By providing ...") and
the ensuing "For example ...", perhaps the statement quoted above
should be deleted or concatenated with its previous statement/paragraph.

7. Section 2 - a few items:

a. the term Policy is not defined and it should it be (perhaps in
Section 1.1)

b. This section is titled "Policy" yet the section itself never uses
that term. This section's focus seems to be "widget execution scope".

c. First paragraph - the use of "MAY" should be changed to "may"
since its usage is non-normative (that sentence is informative). The
use of "MUST apply" should be changed to "applies" since that
sentence is also informative.

d. 2nd para - change MAY to "may" since this sentence is non-
normative [NB the sentence starts with "Note".]

e. 3rd para - it seems like the essence of this paragraph is stated
in the first paragraph thus this paragraph should be deleted

f. I think this Section should be marked as non-normative

8. Section 3:

a. The "MAY" in ... this element MAY be used" should be "may"

b. The "MAY" in the definition of the uri attribute should be "may"

c. To be consistent with the P&C spec, the valid boolean values
should be explicit as is done in that spec:

http://www.w3.org/TR/2009/CR-widgets-20090723/#attribute-types

Alternatively, tighten up the following part of Section 4 such that
the valid boolean values are well-defined:

[[
Let sub domains be the result of applying the rule for getting a
single attribute value to the value of the subdomains attribute. If
the value of sub domains is not a valid boolean value, then this
element is in error and the user agent must ignore it.
]]

9. Section 4:

a. The "rule for getting a single attribute value" should be defined

b. Typo: "then prepend the a U+..." should be "then prepend U+..."

c. The following text has a bug since the

10. Informative Refs - update A&E spec to its new title

Related issues: (space separated ids)

WG Notes:

Resolution:

(Please make sure the resolution is adapted for public consumption)