RE: DAP and security (was: Rename "File API" to "FileReader API"?)

Hi,

I'm going to answer these one by one, so apologies in advance for a slew
of emails coming from me. My comments will always be marked [DAVID]:

-----Original Message-----
From: Maciej Stachowiak [mailto:mjs@apple.com] 
Sent: 19 November 2009 01:20
To: Frederick Hirsch
Cc: ext Jonas Sicking; David Rogers; Marcin Hanclik; Dominique
Hazael-Massieux; Robin Berjon; public-device-apis@w3.org; public-webapps
WG
Subject: Re: DAP and security (was: Rename "File API" to "FileReader
API"?)


On Nov 18, 2009, at 5:13 PM, Frederick Hirsch wrote:

> This is a good point, and an argument for "policy" rather than  
> implicit user consent, if I'm not mistaken. It highlights that  
> usability might also be an issue with the non-modal interaction  
> model,  as well as not always be very meaningful (since I the user  
> might have no idea what most directories are for or where to  
> navigate). Arbitrary directory navigation for writing files is not a  
> good idea.

"policy" is not a solution to the scenario Jonas posted either. Who is  
going to define a home PC or Mac user's browser policy? The user  
doesn't have the expertise to do it. There's no sysadmin to do it for  
them. And browser/OS vendors should not be in the game of whitelisting  
a specific set of sites for extra access.

[DAVID] This is the whole point - the user could choose who their policy
provider could be. The list is endless but it could be: a child
protection organisation, EFF, Which?, an anti-virus vendor/firewall
company, OS vendor, browser vendor, mobile operator - the point being
that the provider is someone the user trusts. On the subject of
whitelisting etc. have a look at http://stopbadware.org/ - potentially
these are things that could be used by policy providers (I'm sure there
are lots of other reputable sources too).

Dieter Gollman said: "security-unaware users have specific security
requirements but usually no security expertise" - this is why is wholly
irresponsible to defer the decision to the user in the majority of
cases. Generally, the user would much rather have someone more informed
take that decision for them. I don't think we can eliminate prompts but
we could reduce them to a level that they might actually be read and
treated as important. Right now the opposite is true.

Thanks,


David.

Received on Thursday, 19 November 2009 10:42:12 UTC