2009/5/22 Scott Wilson <[email protected]>: > RXX: Restricted access to remote web services using white/black lists > > Motivation: Security, Current development practice or industry best-practice, > Interoperability > > Rationale: > > A Widget may need to make use of external web services in order to function, > for example using AJAX to obtain information. > > A User Agent may wish to restrict access to external web services from > Widgets based on white lists or black lists, for example using a proxy server > or firewall. > > This raises the possibility for users installing Widgets that are unable to > function due to access restrictions on remote web services. > > By providing a mechanism for declaring a Widget's access requirements, the > usability and interoperability of Widgets can be improved. > > For example, when a user attempts to install a Widget in a User Agent, and > the Widget Configuration Document declares that it requires access to > currently blocked services in order to function, the User Agent may prompt > the user to choose to: > > (1) enable access to the service (for example, adding the service to a proxy > server or firewall white list), > (2) cancel installing the Widget, or > (3) proceed with installation, with the user now aware that there may be > problems with the Widget due to restricted access to services. > >
The above sounds good in essence, but sounds a bit prescriptive. We need to rework this a bit if we want to include it in the requirements. I think we should discuss this during the F2F. -- Marcos Caceres http://datadriven.com.au
