Re: [widgets] Widgets URI scheme... it's baaaack!

2009-05-22 Thread Mark Baker
On Fri, May 22, 2009 at 5:36 PM, Anne van Kesteren wrote: > .href is always an absolute URL on getting. Making it something else would > be a bad hack and counter to how it has been designed. You mean the href attribute as used in the config file? I'm only talking about @src there AFAICT, as we

Re: [widgets] Widgets URI scheme... it's baaaack!

2009-05-22 Thread Anne van Kesteren
On Fri, 22 May 2009 21:40:47 +0200, Arve Bersvendsen wrote: > What Microsoft is doing here is fairly irrelevant. Gecko, Webkit and > Presto all return the absolute URI for my exact example. What you might > be thinking of is getAttribute, which does return the raw contents of > the attribut

Re: [widgets] Widgets URI scheme... it's baaaack!

2009-05-22 Thread Anne van Kesteren
On Fri, 22 May 2009 20:21:56 +0200, Mark Baker wrote: > Ah, right, I didn't realize it was related to a discussion Marcos and > I had last year; > > http://lists.w3.org/Archives/Public/public-webapps/2008OctDec/thread.html#msg50 > > I thought he had (somewhat grudgingly) accepted that way (the use

Re: [widgets] Widgets URI scheme... it's baaaack!

2009-05-22 Thread Mark Baker
On Fri, May 22, 2009 at 3:22 PM, Arve Bersvendsen wrote: > On Fri, 22 May 2009 20:21:56 +0200, Mark Baker wrote: > >> I thought he had (somewhat grudgingly) accepted that way (the use of >> relative references) forward, as IIRC, the widget: scheme idea was >> dropped about that time.  Has some ne

Re: [widgets] Widgets URI scheme... it's baaaack!

2009-05-22 Thread Arve Bersvendsen
On Fri, 22 May 2009 21:31:11 +0200, William Edney wrote: Arve - Getting the value of 'src' here using 'document.images[0].getAttribute("src")' should return the relative path. The Microsoft guys made a big deal out of the fact that IE8 (in IE8 'strict standards' mode) will now properly

Re: [widgets] Widgets URI scheme... it's baaaack!

2009-05-22 Thread William Edney
Arve - Getting the value of 'src' here using 'document.images[0].getAttribute("src")' should return the relative path. The Microsoft guys made a big deal out of the fact that IE8 (in IE8 'strict standards' mode) will now properly return the relative path when 'getAttribute()' is used, b

Re: [widgets] Widgets URI scheme... it's baaaack!

2009-05-22 Thread Arve Bersvendsen
On Fri, 22 May 2009 19:13:35 +0200, Larry Masinter wrote: What makes a set of widgets "related"? Is there an attack where based on UUID knowledge where two unrelated widgets could somehow appear "related"? What "existing infrastructure for security" are you planning to reuse? Not having to

Re: [widgets] Widgets URI scheme... it's baaaack!

2009-05-22 Thread Arve Bersvendsen
On Fri, 22 May 2009 20:21:56 +0200, Mark Baker wrote: I thought he had (somewhat grudgingly) accepted that way (the use of relative references) forward, as IIRC, the widget: scheme idea was dropped about that time. Has some new requirement emerged since then that makes relative references an u

Re: [widgets] Widgets URI scheme... it's baaaack!

2009-05-22 Thread Mark Baker
On Fri, May 22, 2009 at 9:41 AM, Arve Bersvendsen wrote: > On Fri, 22 May 2009 15:25:40 +0200, Mark Baker wrote: > >> I'm curious to learn where the requirement that "Must not allow >> addressing resources outside a widget" came from?  Can you point to a >> precedent for such a restriction in any

RE: [widgets] Widgets URI scheme... it's baaaack!

2009-05-22 Thread Larry Masinter
What makes a set of widgets "related"? Is there an attack where based on UUID knowledge where two unrelated widgets could somehow appear "related"? What "existing infrastructure for security" are you planning to reuse? Often, security loopholes are introduced when reusing security infrastructure

Re: [widgets] Widgets URI scheme... it's baaaack!

2009-05-22 Thread Arve Bersvendsen
On Fri, 22 May 2009 17:29:57 +0200, Larry Masinter wrote: If the widget: scheme is intended for inter-package references then there are security issues with that. If not, then why the UUID? At the time of writing, I do not see them being used for inter-package references (If my understand

RE: [widgets] Widgets URI scheme... it's baaaack!

2009-05-22 Thread Larry Masinter
I didn't think "widget" had ever gone away. The document you pointed at says: " This document is not a specification as of this time, though it is likely to become one once consensus has been reached on its fundamental direction. In the meantime, this document must be considered to sit outside

Re: [widgets] Widgets URI scheme... it's baaaack!

2009-05-22 Thread Arve Bersvendsen
On Fri, 22 May 2009 15:25:40 +0200, Mark Baker wrote: I'm curious to learn where the requirement that "Must not allow addressing resources outside a widget" came from? Can you point to a precedent for such a restriction in any other protocol? I remember TimBL writing something to the effect o

Re: [widgets] Widgets URI scheme... it's baaaack!

2009-05-22 Thread Mark Baker
Marcos, I'm curious to learn where the requirement that "Must not allow addressing resources outside a widget" came from? Can you point to a precedent for such a restriction in any other protocol? I remember TimBL writing something to the effect of "Anywhere you can use a URI, you can use any UR

[widgets] Access Requests Use Case: Restricted access to remote web services using white/black lists

2009-05-22 Thread Scott Wilson
RXX: Restricted access to remote web services using white/black lists Motivation: Security, Current development practice or industry best-practice, Interoperability Rationale: A Widget may need to make use of external web services in order to function, for example using AJAX to obtain info

Re: [widgets] Call for Input: Use Cases and Requirements for Widgets Access Request spec

2009-05-22 Thread Arthur Barstow
On May 22, 2009, at 5:30 AM, ext Arve Bersvendsen wrote: On Fri, 22 May 2009 11:17:26 +0200, Scott Wilson wrote: [About use-cases and requirements for widgets access requests] Is there a particular preferred format for submitting use cases? Not that I know of, but I would much prefer to se

Re: [widgets] i18n proposals document

2009-05-22 Thread Marcos Caceres
Hi Andy, On Wed, Apr 29, 2009 at 11:13 AM, Andrew Sledd wrote: > Hi, > > > > I need confirmation that I understand the impact of F1 from the “Finding > missing localized content”, specifically how the dynamic setting of the > xml:base on the element influences subsequent localized content resolvi

Re: [widgets] Call for Input: Use Cases and Requirements for Widgets Access Request spec

2009-05-22 Thread Marcos Caceres
On Fri, May 22, 2009 at 11:29 AM, Marcos Caceres wrote: > On Fri, May 22, 2009 at 11:17 AM, Scott Wilson > wrote: >> Is there a particular preferred format for submitting use cases? > > Not really, but it's best if it's something that we can include into: > > http://dev.w3.org/2006/waf/widgets-re

Re: [widgets] Call for Input: Use Cases and Requirements for Widgets Access Request spec

2009-05-22 Thread Arve Bersvendsen
On Fri, 22 May 2009 11:17:26 +0200, Scott Wilson wrote: [About use-cases and requirements for widgets access requests] Is there a particular preferred format for submitting use cases? Not that I know of, but I would much prefer to see one thread per use-case on this list, so they can be

Re: [widgets] Call for Input: Use Cases and Requirements for Widgets Access Request spec

2009-05-22 Thread Marcos Caceres
On Fri, May 22, 2009 at 11:17 AM, Scott Wilson wrote: > Is there a particular preferred format for submitting use cases? Not really, but it's best if it's something that we can include into: http://dev.w3.org/2006/waf/widgets-reqs/ So, use cases would fit into the "rationale" section of the Req

Re: [widgets] Call for Input: Use Cases and Requirements for Widgets Access Request spec

2009-05-22 Thread Scott Wilson
Is there a particular preferred format for submitting use cases? S On 21 May 2009, at 14:55, Arthur Barstow wrote: This is a Call for Inputs regarding Use Cases and Requirements for the Widgets Access Requests spec: Please submit inputs before t

Re: [widgets] Widgets URI scheme... it's baaaack!

2009-05-22 Thread Henri Sivonen
On May 22, 2009, at 11:24, Marcos Caceres wrote: Just a heads up that the widget URI scheme is back (with a vengeance) in its own spec: http://dev.w3.org/2006/waf/widgets-uri/Overview.html Minor nit: When this moves to /TR/, it would be good to zap the 's' from the short name, since it's ne

[widgets] Widgets URI scheme... it's baaaack!

2009-05-22 Thread Marcos Caceres
Just a heads up that the widget URI scheme is back (with a vengeance) in its own spec: http://dev.w3.org/2006/waf/widgets-uri/Overview.html Kind regards, Marcos -- Marcos Caceres http://datadriven.com.au