RE: ISSUE-11: Gathering requirements [FileSystem API] from Nilsson, Claes1 on 2009-10-21 (public-device-apis@w3.org from October 2009)

From: Nilsson, Claes1 <Claes1.Nilsson@sonyericsson.com>
Date: Wed, 21 Oct 2009 13:57:46 +0200
To: 'Paddy Byers' <paddy.byers@gmail.com>, Peter-Paul Koch <pp.koch@gmail.com>, Frederick Hirsch <frederick.hirsch@nokia.com>
CC: Robin Berjon <robin@robineko.com>, "public-device-apis@w3.org" <public-device-apis@w3.org>
Message-ID: <6DFA1B20D858A14488A66D6EEDF26AA3208923CE72@seldmbx03.corpusers.net>

I fully agree with Paddy. This is a general discussion that applies to all sensitive JavaScript APIs that we need to protect from unauthorized access.

However, the issue remains whether we should add a requirement to the FileSystem API. I suggest:

"SHOULD provide secure storage and management of secret information, e.g. server login credentials or API keys."

Best regards
  Claes



From: Paddy Byers [mailto:paddy.byers@gmail.com]
Sent: onsdag den 21 oktober 2009 11:36
To: Peter-Paul Koch; Frederick Hirsch
Cc: Nilsson, Claes1; Robin Berjon; public-device-apis@w3.org
Subject: Re: ISSUE-11: Gathering requirements [FileSystem API]

Hi,
> 1) Signing gives:

...

I think this discussion is common to all APIs and belongs to a new issue which should be raised. This issue should be confined to the filesystem API discussion.

I suggest raising a new issue: widget signing and trust models.

Thanks - Paddy

Received on Wednesday, 21 October 2009 11:58:22 UTC