- From: GALINDO Virginie <Virginie.GALINDO@gemalto.com>
- Date: Thu, 17 Oct 2013 15:45:09 +0200
- To: Anders Rundgren <anders.rundgren@telia.com>, "public-web-security@w3.org" <public-web-security@w3.org>, Mete Balcı <Mete.Balci@pozitron.com>

Anders, Mete, and all,

I guess that the security analysis of web apps on mobile should address the entire life cycle of the webapps, meaning:
- app design (including functions made available to the developers)
- app packaging
- app deployment/update
- app usage (including the user-granted rights)

My view is that the hardware component assumptions will only be a part of the problem.

We have here a reasonable number of ideas to open a wiki and start listing the perceived/existing problems... Will land in a few days in our wiki http://www.w3.org/Security/wiki/IG [yes, we even have a wiki :)]

Any other idea to load our homework?

Virginie

-----Original Message-----
From: Anders Rundgren [mailto:anders.rundgren@telia.com]
Sent: jeudi 17 octobre 2013 12:02
To: Mete Balcı
Cc: public-web-security@w3.org
Subject: Re: Web Security IG - a proposal of actions

On 2013-10-17 11:16, Mete Balcı wrote:
> Hello Virginie and Dominique,
>
> I am also very interested in the topic -mobile security- and available for any discussion.
> I think one of the difficulties here is also that by saying native we
> sometimes/mostly refer to a hardware component or a software function
> with hardware support. Since I guess the standard cannot be based on a
> specific hardware feature, I believe some and correct level of
> abstraction is needed based on, as Dominique pointed out, the gaps
> seen by different industries, so the spec may not directly depend on
> whatever hardware there is, but the security concepts that are introduced
> by having such software/hardware components in the system.

Hi Mete,

This should be of interest:
http://lists.w3.org/Archives/Public/public-sysapps/2013Oct/0024.html

A question arises: Can you actually abstract a security element API and still maintain end-to-end security?

Cheers,
Anders

Received on Thursday, 17 October 2013 13:46:01 UTC