RE: FW: ACTION-660: Input to BP2, on Security and Privacy from Sullivan, Bryan on 2008-02-14 (public-bpwg@w3.org from February 2008)

From: Sullivan, Bryan <BS3131@att.com>
Date: Thu, 14 Feb 2008 15:25:23 -0800
To: "BPWG-Public" <public-bpwg@w3.org>
Message-ID: <8080D5B5C113E940BA8A461A91BFFFCD05D93FF3@BD01MSXMB015.US.Cingular.Net>

Sean,
Because the related web/internet technologies are standardized, the
specific methods may not be mobile specific, but the basic fact that
their use is more important in the mobile environment is what is
important. That's why the recommendations are included, and verifying
compliance to the recommendations is important.

Any network API's or device API's (data or device internal functions)
that are callable from a web application context can result in private
information exchange. Certainly these functions are callable as device
vendors publish API's for their use, and MIDP for example provides
specific API's. Some browsers may be more isolated than others, and not
provide application access to these functions. But others do, and web
applications can likely call the functions natively.

Best regards,
Bryan Sullivan | AT&T

-----Original Message-----
From: Sean Owen [mailto:srowen@google.com] 
Sent: Thursday, February 14, 2008 2:29 PM
To: Sullivan, Bryan
Cc: BPWG-Public
Subject: Re: FW: ACTION-660: Input to BP2, on Security and Privacy

On Thu, Feb 14, 2008 at 5:14 PM, Sullivan, Bryan <BS3131@att.com> wrote:
>  [bryan] This recommendation addresses the basic ability to protect 
> user  personally identifiable information. It can be considered the 
> root of  privacy protections generally, enabling primarily the 
> confidentiality  and integrity of information. Note that given 
> confidentiality and  integrity in transit, the "trust" in the source 
> (or authenticity) of the  information is a different aspect, which we 
> might address, but is more  difficult as trust depends upon larger 
> issues which are not as easily  verifiable as confidentiality and 
> integrity. We welcome suggestions for  other recommendations in this
area.

[srowen] My $0.02 again here is that the general statements here so far
aren't mobile specific. I can imagine there could be a *lot* to say
about location information, access to the camera (?), and access to
contacts. But I had kinda thought we were still talking about web apps,
and so a lot of that probably doesn't come up.

Received on Thursday, 14 February 2008 23:26:04 UTC