Re: ENISA Smartphone security study from Arthur Barstow on 2010-05-19 (public-webapps@w3.org from April to June 2010)

From: Arthur Barstow <art.barstow@nokia.com>
Date: Wed, 19 May 2010 13:23:16 -0400
To: ext Giles Hogben <Giles.Hogben@enisa.europa.eu>
CC: public-webapps <public-webapps@w3.org>
Message-ID: <4BF41E84.7080708@nokia.com>

Hi Giles,

The specifications in scope for the WebApplications WG  are "platform" 
neutral and device independent. As such, I do not foresee the WG 
creating an "official" position on this "Smartphone questionnaire" since 
most of the questions are not in scope for WebApps.

I presume it would be OK for individuals and/or W3C Member companies to 
submit comments. Would you please confirm if that is acceptable or not? 
Also, please send us the Public URL where comments for this "study" are 
archived.

Regarding the list of questions, I (speaking as an individual) have the 
following comments:

* The following questions are generally out of scope for WebApps: #1, 
#4, #5, #6, #8, #9, #11.

* The Digital Signature for Widgets spec can be viewed as applicable for 
#2 and #3.

* Several of our specs (e.g. CORS, UMP, Widget Interface) include 
Security Considerations that are relevant for #7 (but specific 
"channels" are not in scope).

* The proposed Web Notifications will define an alerting mechanism that 
may be relevant to #10 (e.g. the spec defines generic alerting mechanisms).

For a list of WG's specifications in progress, please see the 
publication status tables at:

   http://www.w3.org/2008/webapps/wiki/PubStatus

-Regards, Art Barstow

On 5/19/10 10:27 AM, ext Giles Hogben wrote:
> Hi,
> I am a security expert at ENISA (the European Network and Information Security Agency). We conducting a study on smartphone security and would like to have input from the Web Apps WG via the attached questionnaire, as well as reviewing of drafts of the study when it is ready. The questionnaire also explains the goals of the project. Would it be possible to have an official position from the WG?
>
> Some other points about the study are:
>
> - If necessary, we will hold a number of conference calls to clarify specific issues.
> - No information which regards sensitive corporate IP will be expected or published.
> - Contributor names/organisations will be used on the final report only with consent
>
> Thanks,
>
> Giles Hogben
>
>
> Dr Giles Hogben
> Network Security Policy Expert
> European Network&  Information Security Agency (ENISA)
>
>

Received on Wednesday, 19 May 2010 17:24:28 UTC