- From: Holley Kevin (Centre) <Kevin.Holley@O2.com>
- Date: Fri, 15 Feb 2008 09:05:52 -0000
- To: "Sean Owen" <srowen@google.com>, "Sullivan, Bryan" <BS3131@att.com>
- Cc: "BPWG-Public" <public-bpwg@w3.org>
I think that the main concern is the following scenario: A mobile user downloads an application for a specific purpose. Say it's an IM chat client. This IM chat client needs access to the internet. The user is happy with this access to the internet for IM purposes. But does that mean that the IM chat client automatically gets access to the user's location information from cell site IDs or GPS? What about the phone book? History of who the user has called? Private emails? Bank account details? And what about an application which uploads the user's location to an internet-based service? Does that application get access to emails/phone call logs etc? Does it get to send the user's location to lots of places or only the one server? These are the kinds of issue which Brian is highlighting. Regards, Kevin Kevin Holley Manager, Application Standards Group Technology O2 Telefónica O2 Europe plc, Direct Line: +44 1473 782214 Mobile: +44 7802 220811 Fax: +44 7711 752031 Email: kevin.holley@o2.com IM: kevinaholley (MSN/Y!/AIM etc.) www.o2.com -----Original Message----- From: public-bpwg-request@w3.org [mailto:public-bpwg-request@w3.org] On Behalf Of Sean Owen Sent: 14 February 2008 23:54 To: Sullivan, Bryan Cc: BPWG-Public Subject: Re: FW: ACTION-660: Input to BP2, on Security and Privacy On Thu, Feb 14, 2008 at 6:25 PM, Sullivan, Bryan <BS3131@att.com> wrote: > Because the related web/internet technologies are standardized, the > specific methods may not be mobile specific, but the basic fact that > their use is more important in the mobile environment is what is > important. That's why the recommendations are included, and verifying > compliance to the recommendations is important. I may be splitting hairs too early, but, you're saying that while security in general is not an unimportant issue in mobile, of course, it is not specific to mobile. So sure, we do not need to go over general security stuff again, and if that's what you're thinking, I agree. Then we need to see what's mobile-specific here... > Any network API's or device API's (data or device internal functions) > that are callable from a web application context can result in private > information exchange. Certainly these functions are callable as device > vendors publish API's for their use, and MIDP for example provides > specific API's. Some browsers may be more isolated than others, and not > provide application access to these functions. But others do, and web > applications can likely call the functions natively. Again we go back to scoping. We are not writing about MIDP (right??) and I don't know of any HTML or HTTP mechanisms that transmit location info or contacts (unless there are X- headers that are semi-standard?) If no in-scope, existing technologies raise this problem, what will we say about this? We aren't chartered to write a document musing on future issues for potential mobile technologies -- well, are we? I don't want to do that, it's not what I had in mind. This electronic message contains information from O2 which may be privileged or confidential. The information is intended to be for the use of the individual(s) or entity named above. If you are not the intended recipient be aware that any disclosure, copying distribution or use of the contents of this information is prohibited. If you have received this electronic message in error, please notify us by telephone or email (to the numbers or address below) immediately. Switchboard: +44 (0)113 272 2000 Telefónica O2 Europe plc Registered Office: Wellington Street, Slough, Berkshire SL1 1YP Registered in England and Wales: 5310128 VAT number: GB 778 6037 85
Received on Friday, 15 February 2008 09:06:20 UTC