- From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
- Date: Mon, 20 Nov 2006 23:41:36 +0000
- To: Brad Porter <brad@tellme.com>
- Cc: "W3C Security (Public)" <public-wsc-wg@w3.org>
Don't know anything about widgets, but the IT admin angle also reminds me of the new nea WG in the IETF, which is supposed to be looking at things like patch level compliance (with some IT admin policy) before/during network access. Not sure they'll be very successful, but if they are, then wsc might want to take account of that protocol too (e.g. when meeting use cases where people use work PCs for consumer purposes). S. [1] http://www.ietf.org/html.charters/nea-charter.html Brad Porter wrote: > I was considering the unique security challenges of the Widgets 1.0 > Working Draft <http://www.w3.org/TR/2006/WD-widgets-20061109/> > (chromeless windows that want all the capabilities of the web plus > more.) I began to wonder if we should be looking to enable the IT > administrator as much or more than the individual. > > As an IT administrator, you're forced to deal with users who place > different values on personal and information security, who have > different mental models for who they trust, and generally have less to > lose personally than the corporation as a whole. Consequently, as much > as the responsibility for maintaining the information security policy > belongs to each individual at a company, in practice, doing that > consistently requires some central enforcement. > > Would we consider it in-scope or out-of-scope to deal with centrally > managing access and policy along side with (or in place of) making it > easier for the individual user to manage his/her security and privacy? > > --Brad
Received on Monday, 20 November 2006 23:40:51 UTC