RXX: Restricted access to remote web services using white/black lists
Motivation: Security, Current development practice or industry best-
practice, Interoperability
Rationale:
A Widget may need to make use of external web services in order to
function, for example using AJAX to obtain information.
A User Agent may wish to restrict access to external web services from
Widgets based on white lists or black lists, for example using a proxy
server or firewall.
This raises the possibility for users installing Widgets that are
unable to function due to access restrictions on remote web services.
By providing a mechanism for declaring a Widget's access requirements,
the usability and interoperability of Widgets can be improved.
For example, when a user attempts to install a Widget in a User Agent,
and the Widget Configuration Document declares that it requires access
to currently blocked services in order to function, the User Agent may
prompt the user to choose to:
(1) enable access to the service (for example, adding the service to a
proxy server or firewall white list),
(2) cancel installing the Widget, or
(3) proceed with installation, with the user now aware that there may
be problems with the Widget due to restricted access to services.
