Questions on local storage from Jeffrey Walton on 2014-07-12 (public-webplatform@w3.org from July 2014)

From: Jeffrey Walton <noloader@gmail.com>
Date: Sat, 12 Jul 2014 18:21:30 -0400
To: public-webplatform@w3.org
Message-ID: <CAH8yC8nBJaJT_=gRqtpz5Mhu77LW-JtF6+UYnUa+7suvgTrONw@mail.gmail.com>

Hello. I have a few questions on uses cases relating to web storage.

First, WebCrypto is using local storage. If a user clears his data and
cache, then does the action delete information from the WebCrypto
folks? Here, the WebCrypto related information could be device or user
provisioning information, a shared secret or password, or a
public/private key pair. The use case outlined in Section 3.1 of
http://www.w3.org/TR/webcrypto-usecases/.

Second, if clearing data and cache does whack WebCrypto related
material in local storage, then how does one ensure WebCrypto related
information survives the deletion?

Third is off-line web apps using local storage. Suppose a user creates
a document. If a user clears his data and cache, then does the action
delete the locally created documents? The use case is outlined in
https://w3c-webmob.github.io/installable-webapps/ and friends.

Fourth is backup of the data. What controls are available to ensure
WebCrypto material and documents like those created locally are *not*
backed up if so desired? Native apps give us, for example,
`android:allowBackup=false` or `kCFURLIsExcludedFromBackupKey`.

Fifth, is migration of the data. What controls are available to ensure
WebCrypto material and documents like those created locally are *not*
sent to a platform's cloud if so desired? Native apps provide us, for
example, `com.apple.developer.ubiquity-container-identifiers` and
`com.apple.developer.ubiquity-kvstore-identifier`, so their absence
indicates *no* migration to a cloud.

Sixth, cloud storage is being bundled with the platform. Is there a
way reduce the coupling or sever the bundling? That is, suppose I run
OpenStack or ownCloud (or utilize Amazon or RackSpace, etc) and I want
to use it rather than Azure, iCloud or Google's storage. Is it
possible to replace the provider?

Finally, there's a corner case that mildly concerns me. I believe its
a confused deputy problem or permission redelegation problem. The case
is backup software performs its backup, and then the OS puts the
backup on a laptop or in a cloud. Here's, there's a disconnect between
the backup and OS, and collectively they don't understand the data is
not to be migrated.

Help in understanding the interactions and the security controls
available would be greatly appreciated.

Received on Saturday, 12 July 2014 22:21:57 UTC