Hi Mark, On May 22, 2009, at 15:25 , Mark Baker wrote:
I'm curious to learn where the requirement that "Must not allow addressing resources outside a widget" came from? Can you point to a precedent for such a restriction in any other protocol? I remember TimBL writing something to the effect of "Anywhere you can use a URI, you can use any URI", possibly in his design issues, but I can't find a reference right now.
The idea is that as currently defined, the URI scheme can only point to resources contained inside the widget. Wherever you use a widget: URI, you can also use other URI schemes such as http: or file: (i.e. there's no restriction on the content) but depending on your security settings it might not be retrieved and if executed it probably won't have access to the same APIs. The widget: URI comes with a guarantee that you're pointing inside the widget, which is a nice, clean, sandboxed world (which incidentally might also be signed).
I also don't understand what that bit about "run on the web" means in the intro.
Yeah, neither do I. I've tried to make the abstract clearer. Thanks! -- Robin Berjon - http://berjon.com/
