Re: DAP and security (was: Rename "File API" to "FileReader API"?)

On Thu, Nov 19, 2009 at 10:52 PM, Dominique Hazael-Massieux <dom@w3.org>wrote:

> Le jeudi 19 novembre 2009 à 22:39 +1300, Robert O'Callahan a écrit :
> > There are usually no third parties to delegate to.
>
> That’s true to a certain extent, but a reason for that might well be
> that the Web platform hasn’t left enough room for third parties in that
> realm.

One could very well imagine that by allowing a certain level of
> abstraction in security concerns, we would allow businesses to offer
> guarantees against data-loss or data-thief if the user install a
> third-party extension that would check Web sites based on a number of
> their security aspects.
>

Businesses could offer that today, as a Firefox extension for example. There
are actually a lot of "security toolbar" extensions, but they tend to offer
advice rather than enforcement and they don't offer any guarantees. (
http://groups.csail.mit.edu/uid/projects/phishing/chi-security-toolbar.pdfhas
an interesting analysis (albeit slightly dated).)

Rob
-- 
"He was pierced for our transgressions, he was crushed for our iniquities;
the punishment that brought us peace was upon him, and by his wounds we are
healed. We all, like sheep, have gone astray, each of us has turned to his
own way; and the LORD has laid on him the iniquity of us all." [Isaiah
53:5-6]

Received on Thursday, 19 November 2009 10:10:34 UTC