Here are two use cases, which illustrate some ongoing security concerns that are not specific to users but rather focused on the overall service. Feedback as to whether these would be covered as "specific security concerns" under Jonathan's proposal would be appreciated.

WebRTC example: a 1st party Web conferencing site enables users to create 1-to-N peer connections with other users through various WebRTC service providers. To protect users and the overall service from fraudulent attempts to hack into conferences, the 1st party and 3rd party must authenticate users and log unique IDs per SLAs between them.

Web & TV example: a 1st party site provides an accessibility-enhancing service which mashes up captions to video accessed from 3rd parties. To comply with parental control features offered through the 1st party site, the 3rd party site has to use unique IDs to verify user access to the content, and log attempts to access non-permitted content.

Thanks,
Bryan Sullivan

Received on Wednesday, 11 April 2012 17:33:24 GMT