On Fri, 22 May 2009 19:13:35 +0200, Larry Masinter <[email protected]>
wrote:
What makes a set of widgets "related"? Is there an attack where
based on UUID knowledge where two unrelated widgets could somehow
appear "related"?
What "existing infrastructure for security" are you planning
to reuse?
Not having to rewrite from the bottom up how XMLHttpRequest works, and is
checked in most user agents, as an example (It goes for a lot of other
code in DOM).
Often, security loopholes are introduced when reusing
security infrastructure designed for one context in
a way that it wasn't designed for.
"thismessage:/" basically didn't allow references outside
the package at all. By adding a UUID and alluding to
"related" packages as possibly being available, "widget"
might become a vector.
I'm not saying it is, I'm just saying that getting external
review for security mechanisms and assumptions is critical.
Larry
--
http://larry.masinter.net
-----Original Message-----
From: Arve Bersvendsen [mailto:[email protected]]
Sent: Friday, May 22, 2009 9:55 AM
To: Larry Masinter; [email protected]; public-pkg-uri-scheme;
public-webapps
Subject: Re: [widgets] Widgets URI scheme... it's baaaack!
On Fri, 22 May 2009 17:29:57 +0200, Larry Masinter <[email protected]>
wrote:
If the widget: scheme is intended for inter-package references
then there are security issues with that. If not, then why the UUID?
At the time of writing, I do not see them being used for inter-package
references (If my understanding equals yours here, as in "references
between otherwise unrelated widgets".
The UUID? Well, it actually eases implementations a bit, since an
implementation can use the UUID as "domain" when requests are made, which
actually allows vendors to reuse existing infrastructure for security
checks and so on.
--
Arve Bersvendsen
Opera Software ASA, http://www.opera.com/
