RE: Request to make one proposal for execution model and security model from Wonsuk Lee on 2013-01-30 (public-sysapps@w3.org from January 2013)

From: Wonsuk Lee <wonsuk11.lee@samsung.com>
Date: Wed, 30 Jan 2013 16:38:01 +0900
To: 'John Lyle' <john.lyle@cs.ox.ac.uk>
Cc: public-sysapps@w3.org
Message-id: <02de01cdfebc$bbb1c970$33155c50$@samsung.com>

Hi. John.

From: John Lyle [mailto:john.lyle@cs.ox.ac.uk] 
Sent: Tuesday, January 29, 2013 7:26 PM
To: public-sysapps@w3.org
Subject: Re: Request to make one proposal for execution model and security
model

On 29/01/13 00:18, Wonsuk Lee wrote:

Hi. Colleagues.

So far we had three proposals[1][2][3] for execution model and security
model from Oxford, Mozilla and Samsung electronics. Conceptually large parts
of Mozilla and Samsung's proposals are overlapped, so I would like to ask
the editors of these proposals to merge as a one proposal. 

Hi Wonsuk,

I think there is a question about whether this deliverable ought to contain
detailed information about the manifest and packaging format, or whether
this was going to be dealt with in the Web Apps group.  It seems from
Chaal's email of the 11th January that it doesn't matter too much where the
work is done.  Either way, I suggest that there's value in separating the
deliverable into (1) the packaging and manifest format, (2) security and
execution model, with (2) defining some requirements that (1) will satisfy.
The Samsung proposal does (2) rather nicely, in my opinion.  The benefit of
this is that it makes the security model relevant for those of us using the
Widget packaging standards.

(Wonsuk) Thanks for your suggestion. I am not which way is the best. But in
personal I agreed with Chaal's opinion, so I think this spec would include
all of detail information about the manifest and packaging format. Because
these stuffs are closely related with execution model and security model.

Best regards,

Wonsuk.

In addition, concerning to security model, we had proposal from John Lyle of
Oxford. So I think it would be great if this is harmonized with security
part of merged one. What do you think?

The purpose of the security model we proposed (which is essentially the
webinos security model) was primarily to get agreement (or create
discussion) on the threat model, assets, terminology and some other broad
principles.  That hasn't happened, unfortunately, but the proposals by
Samsung and Mozilla broadly satisfy most of the requirements expressed (The
Samsung proposal perhaps more).  It's worth mentioning that there remain
some points of disagreement between the three documents, but nothing
insurmountable.

I would be happy to contribute to a merged proposal of [2] and [3] to help
add further content about the threat model and requirements, if the editors
think this would be helpful.

[1]
http://sysapps.github.com/sysapps/proposals/SecurityModel/RequirementsForSec
urityModel.html

[2]
http://sysapps.github.com/sysapps/proposals/RunTime-Security/Overview.html

[3]
http://sysapps.github.com/sysapps/proposals/Sysapps-Runtime/Overview.html

Best wishes,

John

Received on Wednesday, 30 January 2013 07:38:32 UTC