W3C home > Mailing lists > Public > public-xg-webid@w3.org > March 2011

Re: HTML5 Fat-client Issues and WebID

From: Nathan <nathan@webr3.org>
Date: Tue, 08 Mar 2011 13:57:16 +0000
Message-ID: <4D7635BC.7090504@webr3.org>
To: jeff@sayremedia.com
CC: WebID XG <public-xg-webid@w3.org>
Jeff Sayre wrote:
>>> Can a WebID help sufficiently in alleviating those concerns so
>>> that enterprise apps even consider leveraging HTML5's
>>> client-side processing and storage features?
> 
> I do understand the benefits a WebID offers but we need to make sure that
> we consider as many reasonable security concerns that an enterprise owner
> may have with client-side storage and processing and clearly demonstrate
> how a WebID can alleviate those concerns.
> 
> Perhaps this is a moot point. But as I'm working on use cases, I need to
> make sure that I am looking at the picture from both sides--from that of
> the user and from that of the enterprise (website) owner. To succeed in
> our efforts, we need the enterprise owners to adopt the WebID.

It's far from moot, there are some very key security considerations in 
this respect, especially taking in to account cross-origin requests, 
confused deputy attacks, and ultimately what happens when you remove the 
silk screen of supposed security the current browser security models 
implement (no offense to our browser friends).

I've briefly written on the topic here:
   http://lists.w3.org/Archives/Public/www-tag/2011Feb/0017.html

But will reply later on today after meeting etc with how it relates to 
WebID.

Actually, I may be better to get used to wiki writing rather thane 
everything in email! Will reply in due course anyway.

Best,

Nathan
Received on Tuesday, 8 March 2011 13:58:09 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 8 March 2011 13:58:09 GMT