RE: Raw Socket API from Nilsson, Claes1 on 2014-04-01 (public-sysapps@w3.org from April 2014)

From: Nilsson, Claes1 <Claes1.Nilsson@sonymobile.com>
Date: Tue, 1 Apr 2014 12:22:28 +0200
To: 'Dave Raggett' <dsr@w3.org>, sysapps <public-sysapps@w3.org>
CC: Anders Rundgren <anders.rundgren.net@gmail.com>, Marcos Caceres <w3c@marcosc.com>
Message-ID: <6DFA1B20D858A14488A66D6EEDF26AA302765E37A7D2@seldmbx03.corpusers.net>

Sounds very good that you are working on an input on the security model for SysApps. Even though each specific API may have API specific security issues I assume that there are security solutions that could be common for many situations. For example what can we achieve by using existing web security mechanisms such as TLS, CSP, CORS, etc ?

By the way Dave, the link to the Internal Draft of the TCP and UDP Socket API on the SysApps main page is still broken. It would be nice to have that correct especially for making the Streams API based version of the API visible. Could you also change the name in the "Specification" column from "Raw Sockets" to "TCP and UDP".

BR
  Claes

Claes Nilsson
Master Engineer - Web Research
Advanced Application Lab, Technology

Sony Mobile Communications
Tel: +46 70 55 66 878
claes1.nilsson@sonymobile.com

sonymobile.com

> -----Original Message-----
> From: Dave Raggett [mailto:dsr@w3.org]
> Sent: den 31 mars 2014 19:52
> To: sysapps
> Cc: Anders Rundgren; Marcos Caceres
> Subject: Re: Raw Socket API
> 
> 
> On 31/03/14 18:38, Anders Rundgren wrote:
> > On 2014-03-31 18:29, Marcos Caceres wrote:
> >
> >
> > Hi Marcos,
> >
> > I think the core issue here (for me...) is that the draft doesn't
> > elaborate on the trust model.  IMO, that should be a prerequisite for
> > all WebAPIs ( https://developer.mozilla.org/en-US/docs/WebAPI )
> > because they are actually rather different.  Geo-location is
> > essentially a user privacy thing while networks usually have
> "concerned parties" in both ends.
> >
> > In a nutshell: I'm not able to tell which end (or mode) the Raw
> Socket
> > API draft is trying to protect by requiring a trusted application.
> > This may very well be due to limited understanding on my side :-(
> 
> Just to let you all know that I am planning on writing a white paper on
> the security model for SysApps and hope to be able to introduce this at
> next week's face to face.
> 
> Regards,
> 
> --
> Dave Raggett <dsr@w3.org> http://www.w3.org/People/Raggett

>

Received on Tuesday, 1 April 2014 10:22:59 UTC