W3C home > Mailing lists > Public > public-device-apis@w3.org > November 2009

RE: Security evaluation of an example DAP policy

From: Marcin Hanclik <Marcin.Hanclik@access-company.com>
Date: Fri, 20 Nov 2009 09:50:28 +0100
To: Jonas Sicking <jonas@sicking.cc>
CC: Maciej Stachowiak <mjs@apple.com>, Adam Barth <w3c@adambarth.com>, Robin Berjon <robin@berjon.com>, "public-device-apis@w3.org" <public-device-apis@w3.org>, public-webapps WG <public-webapps@w3.org>
Message-ID: <FAA1D89C5BAF1142A74AF116630A9F2C28942D75F1@OBEEX01.obe.access-company.com>
Hi Jonas,

Thanks for your comments.

The below policy actually blocks access to all device APIs for all websites (up to bugs in the RE, now I think it should be /.*/ instead of /.+/), thus actually expresses the currently applied policy available in the browsers. I.e. it already works to some extent :)

I assume the clear arguments raised in this mail thread will be very helpful for DAP and BONDI.

Handling data exchange between scripts and OS via <input> element with explicit user consent is another paradigm that I believe will be explored.
We could think of some mapping of the APIs from/to <input> to be able to realize functionally same scenarios with minimal change of the code.
E.g. <input type="contact"> would be a kind of equivalent to addressbook.getContact() or so.
The differentiation could be as above, but the properties of the objects retrieved by both above scenarios could match for easy integration. Personally I perceive it as a design pattern.

Thanks,
Marcin


Marcin Hanclik
ACCESS Systems Germany GmbH
Tel: +49-208-8290-6452  |  Fax: +49-208-8290-6465
Mobile: +49-163-8290-646
E-Mail: marcin.hanclik@access-company.com

-----Original Message-----
From: Jonas Sicking [mailto:jonas@sicking.cc]
Sent: Friday, November 20, 2009 2:04 AM
To: Marcin Hanclik
Cc: Maciej Stachowiak; Adam Barth; Robin Berjon; public-device-apis@w3.org; public-webapps WG
Subject: Re: Security evaluation of an example DAP policy

On Thu, Nov 19, 2009 at 4:49 PM, Marcin Hanclik
<Marcin.Hanclik@access-company.com> wrote:
> Hi Jonas, Maciej,
>
> It seems that the policy that you would accept would be:
>
> <policy-set combine="deny-overrides">
>  <policy description="Default Policy for websites. Simply denying all API that are covered by some device capability:) ">
>   <target>
>     <subject>
>       <subject-match attr="class" match="website" func="equal"/>
>     </subject>
>   </target>
>   <rule effect="deny">
>     <condition>
>       <resource-match attr="device-cap" func="regexp">/.+/</resource-match>
>     </condition>
>   </rule>
>  </policy>
> </policy-set>
>
> Let's see how DAP will evolve then.

Given that I don't know the specifics about this policy format I can't
comment on the above policy specifically. However I will note that the
security experts at Mozilla did agree that opening a non-modal dialog
asking for access to geo-location was considered acceptable, as I
noted in a previous email. I don't know what effect that has on the
above policy.

I don't know what policy other browsers have used in this area.

/ Jonas

________________________________________

Access Systems Germany GmbH
Essener Strasse 5  |  D-46047 Oberhausen
HRB 13548 Amtsgericht Duisburg
Geschaeftsfuehrer: Michel Piquemal, Tomonori Watanabe, Yusuke Kanda

www.access-company.com

CONFIDENTIALITY NOTICE
This e-mail and any attachments hereto may contain information that is privileged or confidential, and is intended for use only by the
individual or entity to which it is addressed. Any disclosure, copying or distribution of the information by anyone else is strictly prohibited.
If you have received this document in error, please notify us promptly by responding to this e-mail. Thank you.
Received on Friday, 20 November 2009 08:51:19 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 9 May 2012 00:14:01 GMT