W3C home > Mailing lists > Public > public-device-apis@w3.org > November 2009

Re: Policy work items - request for proposals

From: イアンフェッティ <ifette@google.com>
Date: Mon, 2 Nov 2009 17:36:18 -0800
Message-ID: <bbeaa26f0911021736i3eca34acn5d43b710d337d34@mail.gmail.com>
To: Suresh Chitturi <schitturi@rim.com>
Cc: Frederick Hirsch <frederick.hirsch@nokia.com>, W3C Device APIs and Policy WG <public-device-apis@w3.org>
I don't really know what this means. I think the point that we tried to make
in the joint WebApps/DAP f2f was that it doesn't make sense to separate the
discussion of API from security considerations and UI. I don't understand
what any of 1-3, or "access control model" in the abstract, mean.

I for one remain highly skeptical of a "policy framework" that is
independent of security UI and APIs, and think that designing APIs that then
plug into some framework as a way to avoid having discussions about security
aspects in the design of said APIs, is a recipe for disaster.

-Ian

2009/11/2 Suresh Chitturi <schitturi@rim.com>

> Hi Frederick, all,
>
> I would be happy to look at the security aspects in general for the
> API/features and access control model for the same.
>
> To be concrete I guess this translates to items 2 and 5? If there are
> others who are also interested perhaps it can be a joint action item.
>
> Regards,
> Suresh
>
> -----Original Message-----
> From: public-device-apis-request@w3.org
> [mailto:public-device-apis-request@w3.org] On Behalf Of Frederick Hirsch
> Sent: Monday, November 02, 2009 2:15 PM
> To: W3C Device APIs and Policy WG
> Cc: Frederick Hirsch
> Subject: Policy work items - request for proposals
>
> During the morning F2F session I recorded the following somewhat
> independent work items:
>
> 1. trust model definition
> 2. access control model definition
> 3 capability definitions for APIs in DAP charter and related W3C APIs
> 4. features - definition
> 5 security considerations for each API,  privacy concerns for each
> API, definition of likely user prompts based on API functionality that
> have security implications (e.g. take picture query also gives
> security permission)
> 6 security threat models and countermeasures/ security use cases
> 7 Context for security decisions - what additional information can be
> included in decision
> 8. FileAPI security model and simplification
>
> Is this list complete, are the items somewhat orthogonal?
>
> Do we have volunteers to help with concrete proposals, especially for
> the list of capability definitions, API security considerations,
> security use cases/threats.
>
> regards, Frederick
>
> Frederick Hirsch, Nokia
> Co-Chair, W3C DAP Working Group
>
>
>
> ---------------------------------------------------------------------
> This transmission (including any attachments) may contain confidential
> information, privileged material (including material protected by the
> solicitor-client or other applicable privileges), or constitute non-public
> information. Any use of this information by anyone other than the intended
> recipient is prohibited. If you have received this transmission in error,
> please immediately reply to the sender and delete this information from your
> system. Use, dissemination, distribution, or reproduction of this
> transmission by unintended recipients is not authorized and may be unlawful.
>
>
>
Received on Tuesday, 3 November 2009 01:37:05 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 9 May 2012 00:14:01 GMT