- From: Stephen Jolly <stephen.jolly@rd.bbc.co.uk>
- Date: Thu, 01 Oct 2009 15:18:41 +0100
- To: public-webapps@w3.org
Hi there, Reading through the current WARP draft, I note that the semantics of the <access> element appear to preclude an important use case (for us). At BBC R&D one of the things we're currently working on is the control of personal video recorders and TV set-top boxes, from other devices on the home network, via web APIs. We see mobile phones as a key client platform for this kind of interface. There appears to be optimism at present that widgets (and preferably standardised widgets!) will provide a relatively low-fragmentation development environment for mobile application developers. Given this, we're very keen to push the idea that widget standards should allow for access to the home networks to which mobile phones are increasingly gaining connectivity via WiFi (and perhaps, in the future, via Femtocells). The current draft of WARP effectively prevents widgets from connecting to devices on home networks, because the semantics of the <access> element only allow widgets to request access to URIs with authorities that are known to the widget publisher at the time of publication. Devices on home networks are generally not referenced by DNS records, and have unpredictable IP addresses. Obviously requesting access to "*" would, if granted by the user agent, permit connections of this sort, but my suspicion is that this would be an inappropriate mechanism: even if user agent vendors were to permit this kind of universal access by widgets (and there isn't a great track record for this kind of generosity in the mobile world, at least), surely the home network and the set of all possible URI authorities are very different domains, security-wise? I would love to hear opinions on this from the people on this list, most of whom have spent much longer thinking about these issues than I have... S
Received on Thursday, 1 October 2009 16:24:44 UTC