
Re: Authentium

From: Mike Beltzner <beltzner@mozilla.com>
Date: Mon, 30 Jul 2007 15:52:55 -0400
Message-Id: <90BCA235-595E-4371-BDF6-06C5126B74B9@mozilla.com>
Cc: "'Thomas Roessler'" <tlr@w3.org>, <michael.mccormick@wellsfargo.com>, <public-wsc-wg@w3.org>
To: "Dan Schutzer" <dan.schutzer@fstc.org>

To be clear, I don't think this is "secure web browsing". I think  
this is a "Some Bank's Home Banking Application" that happens to,  
under the covers, use the protocols and technologies that we call  
"the web".


On 30-Jul-07, at 3:14 PM, Dan Schutzer wrote:

> I agree that there are a number of vendors, and that the idea of talking
> Secure Web Browsing is that we can scale it up and get the mainstream
> vendors Mozilla, Microsoft etc supporting it. I think the timing might be
> right to start talking seriously as to how we can all work together to make
> this happen; launch some joint W3C/FSTC follow-on to the WSC.
> Dan Schutzer
> -----Original Message-----
> From: public-wsc-wg-request@w3.org [mailto:public-wsc-wg-request@w3.org] On
> Behalf Of Mike Beltzner
> Sent: Monday, July 30, 2007 2:56 PM
> To: Thomas Roessler
> Cc: michael.mccormick@wellsfargo.com; public-wsc-wg@w3.org
> Subject: Re: Authentium
> Mark Finkle, a Mozilla Technology Evangelist, has produced a set of
> binaries called "WebRunner" which is meant to make it easier to
> produce an HTML client that talks to a single web-application. He
> hasn't done any work vis-a-vis locking it down from a security
> perspective, but we could talk to him about adding that to his
> working list of requirements.
> I think there's some value in looking at organizations creating and
> distributing website specific apps, and it fits into a model of
> "web-backed widgetry" which is popular on mobile devices.
> cheers,
> mike
> On 30-Jul-07, at 1:57 PM, Thomas Roessler wrote:
>> (Cutting the CC list down)
>> On 2007-07-30 11:16:15 -0500, michael.mccormick@wellsfargo.com wrote:
>>> There are emerging vendors who offer a hardened web browser that
>>> only allows the user to access certain pre-vetted web sites.  The
>>> one I saw demo'd today is based on the Mozilla code base.  The UI
>>> looks like a stripped-down Firefox.  While it's running all other
>>> Windows programs (inc. any key loggers or other malware) are more
>>> or less suspended.  Only SSL communication is allowed.  The
>>> browser also uses a private DNS server to avoid DNS poisoning and
>>> a signed URL list to avoid bookmark poisoning.
>> I wonder how scalable this actually is, and how much it'll be used.
>> I've seen similar approaches demonstrated where the banking platform
>> was launched from a read-only Linux distribution (on CD), to defend
>> against any possible malware infestation.
>> Regards,
>> -- 
>> Thomas Roessler, W3C  <tlr@w3.org>
Received on Monday, 30 July 2007 19:53:13 UTC
