On today's call we discussed that there are some security issues around both the push and pull Application Migration use cases. For reference:

http://www.w3.org/2011/webtv/wiki/HNTF/Home_Network_TF_Discussions/PullMigration
http://www.w3.org/2011/webtv/wiki/HNTF/Home_Network_TF_Discussions/DocumentMigration

I'm having trouble figuring out how to incorporate these concerns into the top-level security document here:

http://www.w3.org/2011/webtv/wiki/HNTF/Home_Network_TF_Discussions/Security

In one sense it's a security issue, given that pushing a malicious, inappropriate or undesired application could expose the system to a variety of attacks. It also could serve as a denial-of-service vector, assuming that such requests could flood a system and cause it to become unusable or unreachable.

In another sense it's a User Experience (UX) issue that is somewhat separable from being a security concern.

I think the basic principle here is that these actions are by their nature interruptive and therefore should require confirmation at the affected end of the transaction. E.g. When a user requests to push an application to a target device, the target should provide confirmation UI. Conversely, when a user requests to pull an application from another device, the source device should provide confirmation UI.

Perhaps both of these activities (push/pull application migration) should be at least gated by the presence of a pairing relationship as described here:

http://www.w3.org/2011/webtv/wiki/HNTF/Home_Network_TF_Discussions/Security#Device_Pairing

Thoughts?

Dave

Received on Wednesday, 8 June 2011 17:19:23 GMT