Re: Web Apps & Security

On Monday 15 April 2013 at 08:05 -0700, Wayne Carr wrote:
> > * it's impossible to store local data safely (e.g. with encryption and
> > key management) — I assume this is something the Web Crypto API is
> > addressing, but I'm not sure if it addresses all of it, or just some
> > piece of an otherwise incomplete puzzle
> 
> I think Web Crypto would enable an app to do it itself, but that doesn't 
> mean a simpler high level API to do it more simply (for the developer) 
> isn't useful.

At least if the primitives are available, I'm less worried about
providing the right high level API; it's more important that it is
possible than for it to be easy (although obviously having both is the
ultimate goal).

Virginie, can you confirm that Web Crypto mixed with local storage
technologies allows storing data locally safely?

> > * the code of your app is available to anyone, making it easier to
> > tamper with it or to copy it; users themselves can exploit
> > vulnerabilities e.g. via developer tools; content exposed through Web
> > apps can't be DRM'd
> 
> Things people mention are game developers not wanting to expose private 
> details of their games, or worrying about cheating at games.  I don't 
> know if it would be enough to have something like web workers that ran 
> in a secure environment (can't see or tamper with the code).

Could you share a bit more about your ideas of this secured Web worker?
What would it protect from and how?

Virginie, if there is anything you can share about this piece as well
(and all of this thread, really :), this would be very useful :)

Dom

Received on Wednesday, 17 April 2013 08:48:26 UTC