Security-related UI issues for Opera Widgets
Draft 1 in progress
2006-01-18 / lth@opera.com


Introduction

A good UI will be crucial.  


Interaction points.

This section lists all the instances where the security model requires
or would like to assume some user interaction with Opera, and where a
UI component therefore is required.

1  Widget preferences

   The global widgets-on/widgets-off setting should be in the
   preference UI, default ON.  [Discuss]


2  Widget installation and upgrade

   A widget must be installed by explicit user confirmation.  
   Every widget upgrade must be confirmed.  

   Installation/upgrade are/are not the same thing as dragging a
   widget onto the browser???


3  Widget loading

   When a widget is loaded its checksum is computed and is checked
   against stored checksums.  If the checksum does not match, the user
   must be warned and given the option to remove or keep the widget.




User interaction.

Here are some loose notes:

* The list of URLs in a widget's security specification will be easier
  if the display allows the user to sort the security spec by domain
  name elements in useful ways.

* An authentication dialog clearly different from the one used for
  normal httpauth will make it clear that it's a widget asking for
  permission.

* It must be clear to the user whether he grants privileges to a
  widget, or to all widgets, and for a session, or permanently, and
  for a subset of URLs, or all URLs.  A possible solution is to allow
  configuration through the prefs panel and also through the context
  menu on a widget.


