
RE: Authentium

From: <michael.mccormick@wellsfargo.com>
Date: Mon, 30 Jul 2007 15:34:42 -0500
Message-ID: <8A794A6D6932D146B2949441ECFC9D680420D94C@msgswbmnmsp17.wellsfargo.com>
To: <beltzner@mozilla.com>, <dan.schutzer@fstc.org>
Cc: <tlr@w3.org>, <public-wsc-wg@w3.org>

The line is blurry at best.  The browser I saw demo'd came pre-loaded
with shortcuts for about 30 popular web sites.  It's not specific to one
site (although it can be packaged that way).  So to me it seems similar
to SBM which also would come with a restricted list of trusted web
sites.

-----Original Message-----
From: Mike Beltzner [mailto:beltzner@mozilla.com] 
Sent: Monday, July 30, 2007 2:53 PM
To: Dan Schutzer
Cc: 'Thomas Roessler'; McCormick, Mike; public-wsc-wg@w3.org
Subject: Re: Authentium

To be clear, I don't think this is "secure web browsing". I think this
is a "Some Bank's Home Banking Application" that happens to, under the
covers, use the protocols and technologies that we call "the web".

cheers,
mike

On 30-Jul-07, at 3:14 PM, Dan Schutzer wrote:

> I agree that there are a number of vendors, and that the idea of 
> talking Secure Web Browsing is that we can scale it up and get the 
> mainstream vendors Mozilla, Microsoft etc supporting it. I think the 
> timing might be right to start talking seriously as to how we can all 
> work together to make this happen; launch some joint W3C/FSTC 
> follow-on to the WSC.
>
> Dan Schutzer
>
> -----Original Message-----
> From: public-wsc-wg-request@w3.org [mailto:public-wsc-wg-request@w3.org]
> On Behalf Of Mike Beltzner
> Sent: Monday, July 30, 2007 2:56 PM
> To: Thomas Roessler
> Cc: michael.mccormick@wellsfargo.com; public-wsc-wg@w3.org
> Subject: Re: Authentium
>
>
> Mark Finkle, a Mozilla Technology Evangelist, has produced a set of
> binaries called "WebRunner" which is meant to make it easier to
> produce a HTML client that talks to a single web-application. He
> hasn't done any work vis-a-vis locking it down from a security
> perspective, but we could talk to him about adding that to his
> working list of requirements.
>
> I think there's some value in looking at organizations creating and
> distributing website specific apps, and it fits into a model of
> "web-backed widgetry" which is popular on mobile devices.
>
> cheers,
> mike
>
> On 30-Jul-07, at 1:57 PM, Thomas Roessler wrote:
>
>>
>> (Cutting the CC list down)
>>
>> On 2007-07-30 11:16:15 -0500, michael.mccormick@wellsfargo.com wrote:
>>
>>> There are emerging vendors who offer a hardened web browser that
>>> only allows the user to access certain pre-vetted web sites.  The
>>> one I saw demo'd today is based on the Mozilla code base.  The UI
>>> looks like a stripped-down Firefox.  While it's running all other
>>> Windows programs (inc. any key loggers or other malware) are more
>>> or less suspended.  Only SSL communication is allowed.  The
>>> browser also uses a private DNS server to avoid DNS poisoning and
>>> a signed URL list to avoid bookmark poisoning.
>>
>> I wonder how scalable this actually is, and how much it'll be used.
>> I've seen similar approaches demonstrated where the banking platform
>> was launched from a read-only Linux distribution (on CD), to defend
>> against any possible malware infestation.
>>
>> Regards,
>> -- 
>> Thomas Roessler, W3C  <tlr@w3.org>
>>
>
>
>
>
Received on Monday, 30 July 2007 20:35:37 GMT
