- From: Marcos Caceres <marcosc@opera.com>
- Date: Tue, 19 May 2009 11:18:36 +0200
- To: public-webapps <public-webapps@w3.org>
With my "editor" hat on, I would like to propose the following security model for widgets:

1. If no <access> element is used, the application type (e.g., HTML, Flash, whatever) is responsible for providing the security context/rules under which the widget runs. For HTML this means that a widget runs as if you had dragged an HTML file from your hard-drive into the Web browser. Then, it is up to the implementers if they allow such widgets to run or have access to features (APIs). Distributors may not allow these widgets to be distributed, but that is their prerogative. This defers the security problem to HTML5 or whoever wants to make use of widgets as a packaging format. HTML5 already has to deal with the situation where HTML files are run locally or with a synthetic origin (think email attachments).

2. If <access> is used, then this is an "opt-in" to a "widget security model" and all network activity is blocked by all means (like a firewall), except those access requests made via the <access> element that have been granted by the UA. Access requests are granted via the UA security policy, which is outside the scope of the Widgets spec.

I personally think <access> should be removed from Widgets 1.0 and deferred to Widgets 2.0 once it is properly sorted out.

--
Marcos Caceres
http://datadriven.com.au
Received on Tuesday, 19 May 2009 09:19:36 UTC
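
An added example (not part of the original message or of any Widgets specification text) showing the two-branch model proposed above as a decision function in Python. The `origin` attribute on `<access>`, the function names and the sample configs are assumptions made for illustration; the message does not define how an access request names its target.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

NS = "{http://www.w3.org/ns/widgets}"  # Widgets configuration namespace

# Constructed sample configs; the "origin" attribute is an assumption.
WITH_ACCESS = """<widget xmlns="http://www.w3.org/ns/widgets">
  <access origin="https://api.example.org"/>
  <access origin="https://tracker.example.net"/>
</widget>"""
NO_ACCESS = """<widget xmlns="http://www.w3.org/ns/widgets">
  <name>Clock</name>
</widget>"""


def origin_of(url):
    """Normalise a URL to scheme://host[:port], dropping default ports."""
    parts = urlsplit(url)
    scheme, host, port = parts.scheme.lower(), (parts.hostname or "").lower(), parts.port
    if port is None or (scheme, port) in {("http", 80), ("https", 443)}:
        return f"{scheme}://{host}"
    return f"{scheme}://{host}:{port}"


def network_decision(config_xml, request_url, ua_granted):
    """Return 'defer', 'allow' or 'block' for one outgoing request.

    ua_granted stands in for the UA security policy, which the proposal
    leaves out of scope: the set of origins the UA agreed to grant.
    """
    # Stdlib parser used for brevity; use a hardened XML parser for
    # untrusted packages.
    root = ET.fromstring(config_xml)
    access = list(root.iter(NS + "access"))
    if not access:
        # Case 1: no <access>; the application type (e.g. HTML) decides.
        return "defer"
    # Case 2: any <access> opts in to default-deny, even a malformed one.
    requested = {origin_of(a.get("origin")) for a in access if a.get("origin")}
    granted = {origin_of(o) for o in ua_granted}
    target = origin_of(request_url)
    return "allow" if target in requested and target in granted else "block"
```

A request is allowed only when its origin was both requested in the configuration and granted by the UA; being granted without being requested, or requested without being granted, still results in a block.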