Re: FW: ACTION-660: Input to BP2, on Security and Privacy

On Thu, Feb 14, 2008 at 6:25 PM, Sullivan, Bryan <BS3131@att.com> wrote:
>  Because the related web/internet technologies are standardized, the
>  specific methods may not be mobile specific, but the basic fact that
>  their use is more important in the mobile environment is what is
>  important. That's why the recommendations are included, and verifying
>  compliance to the recommendations is important.

I may be splitting hairs too early, but, you're saying that while
security in general is not an unimportant issue in mobile, of course,
it is not specific to mobile. So sure, we do not need to go over
general security stuff again, and if that's what you're thinking, I
agree. Then we need to see what's mobile-specific here...

>  Any network APIs or device APIs (data or device internal functions)
>  that are callable from a web application context can result in private
>  information exchange. Certainly these functions are callable as device
>  vendors publish APIs for their use, and MIDP for example provides
>  specific APIs. Some browsers may be more isolated than others, and not
>  provide application access to these functions. But others do, and web
>  applications can likely call the functions natively.

Again we go back to scoping. We are not writing about MIDP (right??)
and I don't know of any HTML or HTTP mechanisms that transmit location
info or contacts (unless there are X- headers that are semi-standard?).
If no in-scope, existing technologies raise this problem, what will we
say about this?

We aren't chartered to write a document musing on future issues for
potential mobile technologies -- well, are we? I don't want to do
that, it's not what I had in mind.

Received on Thursday, 14 February 2008 23:53:43 UTC