On Mon, 2006-05-22 at 03:32 -0700, formless void wrote:
> I finally found that W3C has got
>
> User Agent Accessibility Guidelines at
>
> http://www.w3.org/TR/WAI-USERAGENT/
>
> Now my question is how authenticative W3C is?
What do you mean by "authenticative"? Do you mean au·thor·i·ta·tive?
au·thor·i·ta·tive
adjective
1. Having or arising from authority; official: an
authoritative decree; authoritative sources.
2. Of acknowledged accuracy or excellence; highly reliable:
an authoritative account of the revolution.
3. Wielding authority; commanding: the captain's
authoritative manner.
If that is what you meant, then my answer is, W3C *is the authority* on
the subject of the useragent. But being the authority on any subject
doesn't mean anyone pays attention to you or your organization. It is
voluntary compliance.
> Why am I asking this? Because, setting up a standard is one thing and
> getting vendors to implement is another.
See Voluntary Compliance.
> It seems to me that the standard has been there for 4 years and no
> browser has implemented it so far, as I can find no where within the
> major browsers (such as IE, Netscape or Firefox) saying that the
> accessibility of the browser is w3c compliant.
Have you even looked at Firefox's Mozilla website?
http://www.mozilla.com/firefox/
Accessibility
Firefox 1.5 delivers easier navigation for everyone,
including those who are visually or motor-impaired.
Firefox is the first browser to support DHTML
accessibility, which, when enabled by Web authors,
allows rich Web applications to be read aloud. Users may
navigate with keystrokes rather than mouse clicks,
reducing the tabbing required to navigate documents such
as spreadsheets. Firefox 1.5 (Windows version) is also
the first browser to meet US Federal Government
Requirements (http://www.mozilla.com/firefox/vpat.html)
that software be easily accessible to users with
physical impairments.
> Another issue concerns me is that the w3c guideline only addresses the
> accessibility issue and not enough on User Agent security - Section
> 1.5 only. Where I can find security standards of the web browser?
http://www.w3.org/TR/2002/REC-UAAG10-20021217/guidelines.html#tech-ui-access-api
1. For security reasons, user agents are not required to allow
instructions in content to modify user agent user interface
controls.
Also Note, that this is a guideline. (guidelines.html) which mean it is
intended to steer, not define the APIs used in security considerations.
Also note that, you can program in a 100% sandbox environment and still
produce insecure code. It is a matter of understanding the implications
of your code and programming for security from the get go. Most software
in general that started as a "pet project" did not start with the proper
footing in secure programming.
When I say secure, I don't mean secure like Bank Vault Secure, but
secure as in "Does what it is supposed to with out allowing stack
overruns or improper handling of types to allow leaks, etc..."
So, if *YOU* need a secure implementation of a Browser with User Ageent
Security Cranked way up... well, I suggest you start with a clean sheet,
any of the existing code bases you have to work with in the way of
web-browsers are far to buggy for them to be fixed, without a 100%
re-factoring, linting, unit-testing with peer-review re-do. That ain't
gonna happen unless YOU do it.
> It is perfectly fine, if the vendors are unable to achieve the
> security of the browser at the same time with the accessibility, and
> rely on the third party software to make compliment it.
No, the core of the browser needs to implement good programming methods
to not allow the exploits like IE has in it.
> But the standard level has to be differentiated and indicated clearly
> either using logo or code, what ever.
The sheeple (sheeple == average US citizen that complains about politics
but does nothing to improve the situation ala voting or writing) of
windows users don't care about that. All they want is blinky lights and
toolbars that work with the "game-site" or "porn-site" of choice.
Do like Microsoft has, find an imperfection in the finish, layer some
bondo on it... prime it then try to match the color around the problem
so nobody notices. If that doesn't work, repaint the whole-thing again
adding a few more blinky lights, maybe a few "Pimped" things like DRM
and TCE... and re-release it as the next completely redesigned version.
(WindowsXP ala Windows Vista) All without even addressing Standards
other than the proprietary ones they have created.
--
greg, greg@gregfolkert.net
The technology that is
Stronger, Better, Faster: Linux
Use Debian GNU/Linux, its a bazaar thing
NOTICE: Due to Presidential Executive Orders, the
National Security Agency may have read this email
without warning, warrant, or notice, and certainly
without probable cause. They may do this without
any judicial or legislative oversight. You have no
recourse nor protection.
Attachment:
signature.asc
Description: This is a digitally signed message part