[widgets] viewmodes spec

Hi there,

At the last widgets call I agreed to ask OMTP BONDI members if there was any feedback on viewmodes. We didn’t receive a lot of views but one thing I raised was that as far as I can tell, there is no text to cover off invisible widgets or widgets of, for example height and width 1x1. There may be a valid reason for someone to have an invisible widget but there are still some abuse scenarios – for example, if someone created a transparent widget that then maximises in front of your payment application just as you go to enter your PIN or password it could be a major issue.

I’m not sure that anyone has started work on any widget security guidelines?

Thanks,

David.

David Rogers
OMTP Director of External Relations

Hi Art and Marcos,

I didn’t see this point discussed in the last widgets meeting minutes. Do you know if anybody has started work on any security guidelines for widgets? I noticed that in the “Web Security Context: User Interface Guidelines”, for example this requirement[1] there may be some conflict with widgets / potential to put requirements there for the item below and others?

Thanks,

David.

[1] http://www.w3.org/TR/wsc-ui/#keepchromevisible-goodpractice

Hi there,

At the last widgets call I agreed to ask OMTP BONDI members if there was any feedback on viewmodes. We didn’t receive a lot of views but one thing I raised was that as far as I can tell, there is no text to cover off invisible widgets or widgets of, for example height and width 1x1. There may be a valid reason for someone to have an invisible widget but there are still some abuse scenarios – for example, if someone created a transparent widget that then maximises in front of your payment application just as you go to enter your PIN or password it could be a major issue.

I’m not sure that anyone has started work on any widget security guidelines?

Thanks,

David.

David Rogers
OMTP Director of External Relations