
RE: Authentium

From: Dan Schutzer <dan.schutzer@fstc.org>
Date: Mon, 30 Jul 2007 15:14:57 -0400
To: "'Mike Beltzner'" <beltzner@mozilla.com>, "'Thomas Roessler'" <tlr@w3.org>
Cc: <michael.mccormick@wellsfargo.com>, <public-wsc-wg@w3.org>, "'Dan Schutzer'" <dan.schutzer@fstc.org>
Message-ID: <013301c7d2dd$ebe2c060$6500a8c0@dschutzer>

I agree that there are a number of vendors, and that the idea of talking
Secure Web Browsing is that we can scale it up and get the mainstream
vendors (Mozilla, Microsoft, etc.) supporting it. I think the timing might be
right to start talking seriously as to how we can all work together to make
this happen; launch some joint W3C/FSTC follow-on to the WSC.

Dan Schutzer

-----Original Message-----
From: public-wsc-wg-request@w3.org [mailto:public-wsc-wg-request@w3.org] On
Behalf Of Mike Beltzner
Sent: Monday, July 30, 2007 2:56 PM
To: Thomas Roessler
Cc: michael.mccormick@wellsfargo.com; public-wsc-wg@w3.org
Subject: Re: Authentium


Mark Finkle, a Mozilla Technology Evangelist, has produced a set of
binaries called "WebRunner" which is meant to make it easier to
produce an HTML client that talks to a single web-application. He
hasn't done any work vis-a-vis locking it down from a security
perspective, but we could talk to him about adding that to his
working list of requirements.

I think there's some value in looking at organizations creating and
distributing website-specific apps, and it fits into a model of
"web-backed widgetry" which is popular on mobile devices.

cheers,
mike

On 30-Jul-07, at 1:57 PM, Thomas Roessler wrote:

>
> (Cutting the CC list down)
>
> On 2007-07-30 11:16:15 -0500, michael.mccormick@wellsfargo.com wrote:
>
>> There are emerging vendors who offer a hardened web browser that
>> only allows the user to access certain pre-vetted web sites.  The
>> one I saw demo'd today is based on the Mozilla code base.  The UI
>> looks like a stripped-down Firefox.  While it's running all other
>> Windows programs (inc. any key loggers or other malware) are more
>> or less suspended.  Only SSL communication is allowed.  The
>> browser also uses a private DNS server to avoid DNS poisoning and
>> a signed URL list to avoid bookmark poisoning.
>
> I wonder how scalable this actually is, and how much it'll be used.
> I've seen similar approaches demonstrated where the banking platform
> was launched from a read-only Linux distribution (on CD), to defend
> against any possible malware infestation.
>
> Regards,
> -- 
> Thomas Roessler, W3C  <tlr@w3.org>
>
Received on Monday, 30 July 2007 19:15:39 GMT
