- From: GALINDO Virginie <Virginie.GALINDO@gemalto.com>
- Date: Mon, 21 Oct 2013 14:36:57 +0200
- To: David Rogers <david.rogers@copperhorse.co.uk>, "'Dominique Hazael-Massieux'" <dom@w3.org>
- CC: "public-web-security@w3.org" <public-web-security@w3.org>, "'Wendy Seltzer'" <wseltzer@w3.org>
Thanks David, Dom for your feedbacks. Let's catch ideas/ analysis/suggestions in the dedicated wiki Mobile Security : http://www.w3.org/Security/wiki/IG/Mobile_Security_analysis Security Model : http://www.w3.org/Security/wiki/IG/W3C_security_roadmap One obviously should feed the other... Have a nice week. Virginie -----Original Message----- From: David Rogers [mailto:david.rogers@copperhorse.co.uk] Sent: lundi 21 octobre 2013 13:07 To: 'Dominique Hazael-Massieux'; GALINDO Virginie Cc: public-web-security@w3.org; 'Wendy Seltzer' Subject: RE: Web Security IG - a proposal of actions Dear all, As some of you know I have been a very strong advocate of security in this area and I would like to contribute in any way I can. I have been thinking about this for a while and some of the things that we need to concentrate on are: * Basic developer documentation for security through webplatform.org (as has been discussed in webcrypto and webappsec) and clear documentation and understanding of the "web security model". (I have already agreed to kick this work off). * Clear user-controllable / configurable boundaries between the outside "web world" and the local device * Security-in-mind API design to allow for graceful failure as a result of user denial of access to particular features (e.g. device APIs / sysapps) In the future I think we should also think about safety critical applications (i.e. in relation to automotive and mobile), but I think it is too early to consider this right now. Thanks, David. -----Original Message----- From: Dominique Hazael-Massieux [mailto:dom@w3.org] Sent: 17 October 2013 08:42 To: GALINDO Virginie Cc: public-web-security@w3.org; Wendy Seltzer Subject: Re: Web Security IG - a proposal of actions Hi Virginie, Le mercredi 16 octobre 2013 à 17:30 +0200, GALINDO Virginie a écrit : > As announced by Wendy, I am now joining the Web Security IG team and I > shared with Adam and Wendy few topics I believe this IG could discuss. > So here is a proposal of topics we could focus in the coming months, > to bring back this IG to life :) > > - Mobile security > We should support the web & mobile IG [1] to understand what are the > main security weaknesses in the web app model, compared to native app > model. This would help W3C to fill the gap in terms of security > feature for the mobile web. As you know, I'm very interested on this topic, and will be available to help; a big part of the work that needs to be done here is identify what content/servie providers see as gaps, and document which of these gaps are real, and which have solutions but that are not sufficiently well-know. Dom This message and any attachments are intended solely for the addressees and may contain confidential information. Any unauthorized use or disclosure, either whole or partial, is prohibited. E-mails are susceptible to alteration. Our company shall not be liable for the message if altered, changed or falsified. If you are not the intended recipient of this message, please delete it and notify the sender. Although all reasonable efforts have been made to keep this transmission free from viruses, the sender will not be liable for damages caused by a transmitted virus
Received on Monday, 21 October 2013 12:37:26 UTC