
RE: DAP and security (was: Rename "File API" to "FileReader API"?)

From: David Rogers <david.rogers@omtp.org>
Date: Thu, 19 Nov 2009 11:04:21 -0000
Message-ID: <4C83800CE03F754ABA6BA928A6D94A0601E5FAD5@exch-be14.exchange.local>
To: <robert@ocallahan.org>
Cc: "Dominique Hazael-Massieux" <dom@w3.org>, "Marcin Hanclik" <Marcin.Hanclik@access-company.com>, "Jonas Sicking" <jonas@sicking.cc>, "Maciej Stachowiak" <mjs@apple.com>, "Robin Berjon" <robin@berjon.com>, <public-device-apis@w3.org>, "public-webapps WG" <public-webapps@w3.org>
 

 

From: rocallahan@gmail.com [mailto:rocallahan@gmail.com] On Behalf Of Robert O'Callahan
Sent: 19 November 2009 10:58
To: David Rogers
Cc: Dominique Hazael-Massieux; Marcin Hanclik; Jonas Sicking; Maciej Stachowiak; Robin Berjon; public-device-apis@w3.org; public-webapps WG
Subject: Re: DAP and security (was: Rename "File API" to "FileReader API"?)

 

On Thu, Nov 19, 2009 at 11:54 PM, David Rogers <david.rogers@omtp.org> wrote:

	From: rocallahan@gmail.com [mailto:rocallahan@gmail.com] On Behalf Of Robert O'Callahan

	 

	On Thu, Nov 19, 2009 at 10:52 PM, Dominique Hazael-Massieux <dom@w3.org> wrote:

		On Thursday 19 November 2009 at 22:39 +1300, Robert O'Callahan wrote:

		> There are usually no third parties to delegate to.

		That’s true to a certain extent, but a reason for that might well be
		that the Web platform hasn’t left enough room for third parties in that
		realm.

		One could very well imagine that by allowing a certain level of
		abstraction in security concerns, we would allow businesses to offer
		guarantees against data loss or data theft if the user installs a
		third-party extension that would check Web sites based on a number of
		their security aspects.

	
	Businesses could offer that today, as a Firefox extension for example. There are actually a lot of "security toolbar" extensions, but they tend to offer advice rather than enforcement and they don't offer any guarantees. (http://groups.csail.mit.edu/uid/projects/phishing/chi-security-toolbar.pdf has an interesting analysis (albeit slightly dated).)
	

	 

	[DAVID] This is in effect an insurance policy; I’m sure there will be organisations willing to step up.

 

But they haven't.



[DAVID] But they will ;-) – we have to actually create a framework for that to happen first! As someone mentioned before, in the mobile world this already happens.

 


Rob
-- 
"He was pierced for our transgressions, he was crushed for our iniquities; the punishment that brought us peace was upon him, and by his wounds we are healed. We all, like sheep, have gone astray, each of us has turned to his own way; and the LORD has laid on him the iniquity of us all." [Isaiah 53:5-6]

Received on Thursday, 19 November 2009 11:05:21 GMT
