
Re: Proxy User Stories

From: Nicolas Mailhot <nicolas.mailhot@laposte.net>
Date: Thu, 12 Dec 2013 14:16:37 +0100
Message-ID: <841ec3cfe7476cdb8c5331cd7fc9f205.squirrel@arekh.dyndns.org>
To: ietf-http-wg@w3.org

A few more:

Khaled runs the gateway protecting the browsing of various VIPs. Those
VIPs have access to various top secret information, but are too important
to go through computer security refreshing courses. The gateway must
protect their systems from malware and other attacks. To make the malware
work more difficult it requires human authentication of web accesses, but
VIPs do not like the hassle of using different passwords and Khaled knows
most of them will reuse internal passwords on the gateway. To limit the
risks of APT Khaled needs the web client to clearly identify the gateway
auth prompt so an attacker cannot spoof it. Likewise, web-client to
gateway auth must be encrypted to avoid credential capture by agencies
managing temporary physical access to internal networks.

Lydia handles vast sums of money at work (trader, tax official handling
huge corporations/very rich persons, etc). After several high profile
cases of insider trading/corruption where citizens were asked to foot the
bill, enraged deputies voted laws that required monitoring of work
communications of people like Lydia to limit the risks of new occurrences.
Some of the persons Lydia needs to communicate with at work use Google
services. Lydia likes her well-paid job and needs a way to configure her
web clients to expose all her Google traffic to the monitoring system,
without MITM Google CAs leaking to the general public. Since she does not
want to be held responsible for the mistakes of her co-workers she wants
this traffic to be clearly authenticated.


-- 
Nicolas Mailhot
Received on Thursday, 12 December 2013 13:17:09 UTC