Hi there,
Reading through the current WARP draft, I note that the semantics of the
<access> element appear to preclude an important use case (for us).
At BBC R&D one of the things we're currently working on is the control
of personal video recorders and TV set-top boxes, from other devices on
the home network, via web APIs. We see mobile phones as a key client
platform for this kind of interface.
There appears to be optimism at present that widgets (and preferably
standardised widgets!) will provide a relatively low-fragmentation
development environment for mobile application developers. Given this,
we're very keen to push the idea that widget standards should allow for
access to the home networks to which mobile phones are increasingly
gaining connectivity via WiFi (and perhaps, in the future, via Femtocells).
The current draft of WARP effectively prevents widgets from connecting
to devices on home networks, because the semantics of the <access>
element only allow widgets to request access to URIs with authorities
that are known to the widget publisher at the time of publication.
Devices on home networks are generally not referenced by DNS records,
and have unpredictable IP addresses.
Obviously requesting access to "*" would, if granted by the user agent,
permit connections of this sort, but my suspicion is that this would be
an inappropriate mechanism: even if user agent vendors were to permit
this kind of universal access by widgets (and there isn't a great track
record for this kind of generosity in the mobile world, at least),
surely the home network and the set of all possible URI authorities are
very different domains, security-wise?
I would love to hear opinions on this from the people on this list, most
of whom have spent much longer thinking about these issues than I have...
S