Re: comments on Packaging and Configuration specification

Hi Max, Thanks for the prompt reply. I think I have addressed all of your concerns. For the sake of the LC process, can you give us a final thumbs up that you are happy with the changes. On Tue, Mar 10, 2009 at 4:22 PM, Max Froumentin wrote: > I'm ok with the resolution of all the comments I have

Re: Progress Events normative text

On Thu, 5 Mar 2009, Charles McCathieNevile wrote: > > > > > > > > I think it is wrong to make content non-conforming because it > > > > fires events in a fashion that isn't consistent with this draft. > > > > It seems odd to me to say that content is not allowed to work around > > bugs in brows

[widgets] Agenda for 12 March 2009 Voice Conference; *** NOTE TIME CHANGE FOR non-US ***

Below is the draft agenda for the March 12 Widgets Voice Conference (VC). Inputs and discussion before the meeting on all of the agenda topics via public-webapps is encouraged (as it can result in a shortened meeting). Logistics: *** NOTE TIME CHANGE FOR non-US PARTICIPANTS *** Time: 22:00

[widgets] Opportunities and ToDos ... [Was: Agenda for 5 March 2009 Voice Conference]

Bryan, Marcos, All, Among the areas we need contributions: * The "red block" issues in the specs as well as inputs to address open actions and Issues: * Widgets test suite - does BONDI have something we can use? I don't understand how the

widget signature proposal - Identifier and Created Signature property

I propose we add the following to the Widgets Signature 1.1. This is in response to Thomas Roessler review comments, see http://lists.w3.org/Archives/Public/public-webapps/2009JanMar/0547.html Proposal - Add the following to the latest editor's draft http://dev.w3.org/2006/waf/widgets-digsig

Re: comments on Packaging and Configuration specification

I'm ok with the resolution of all the comments I have not re-commented on below. Marcos Caceres writes: >> "erroneous [DOM3Core] nodes" >> 9-> not sure what that means > > Changed [DOM3Core] nodes > DOM nodes. Better? Yes, although I would remove the whole sentence, actually. A "must" in a

Re: [widgets] Making config.xml mandatory

On 3/10/09 3:48 PM, Mark Baker wrote: I think the TAG's finding on authoritative metadata is germane here; http://www.w3.org/2001/tag/doc/mime-respect That only applies to widgets that acquired over HTTP. Widgets can come from any source, include those that know nothing of media types. Non

Re: [widgets] Making config.xml mandatory

I think the TAG's finding on authoritative metadata is germane here; http://www.w3.org/2001/tag/doc/mime-respect Mark. On Mon, Mar 9, 2009 at 8:36 AM, Marcos Caceres wrote: > Opera would like to make the config file in widgets packages > mandatory. Our rationale is that having at least one  con

Re: ISSUE-85 (clipops security practice): What are common sucrity practices for Clipboard APIs? [Clipboard Operations]

A few ideas: - one of the dangers is that flavours may be damageable... so the general practice would be that, unless we're in a de-sandboxed region (anything else than file://?) all flavours should be sanitized (e.g. no scripting, no relative reference, no embedding, except for pack- embe

Re: comments on Packaging and Configuration specification

Hi Max, On Mon, Mar 9, 2009 at 11:25 AM, Max Froumentin wrote: > Hi, > Here are a few comments on the 4 March version of the editor's draft: > > "This document standardizes a general packaging format for applications." > 1-> just "applications"? Not web applications, or sofware applications, or

RE: [widgets] Making config.xml mandatory

Dear Arve, Good point regarding OMTP/BONDI. BONDI supports a security framework for widgets and "web pages" (or non-widgets). On the other, if widgets in pre-existing implementations may use sensitive resources then I as an attacker would pack my rogue content in a widget resource, add the con

Re: [widgets] Making config.xml mandatory

On Mon, 09 Mar 2009 14:12:38 +0100, Hillebrand, Rainer wrote: Which different security privileges does a widget have in comparison to any other content? Doesn't it depend on a security policy that we do not define in the W3C? While this is not yet defined by the W3C or other organizations

Re: ISSUE-85 (clipops security practice): What are common sucrity practices for Clipboard APIs? [Clipboard Operations]

On , Web Applications Working Group Issue Tracker wrote: > > ISSUE-85 (clipops security practice): What are common sucrity practices for > Clipboard APIs? [Clipboard Operations] > > http://www.w3.org/2008/webapps/track/issues/85 > > Raised by: Charles McCathieNevile > On product: Clipboard Opera