- From: Nilsson, Claes1 <Claes1.Nilsson@sonyericsson.com>
- Date: Tue, 15 Dec 2009 11:15:27 +0100
- To: "'public-device-apis@w3.org'" <public-device-apis@w3.org>
- Message-ID: <6DFA1B20D858A14488A66D6EEDF26AA3208923CF8E@seldmbx03.corpusers.net>
Hi, I attach two proposals: 1. "File granularity access policy". This is response to my action 38. The proposal is based on "Policy Based Device Access Security" (Steve Lewontin/Nokia http://lists.w3.org/Archives/Public/public-device-apis/2009Nov/att-0012/SecurityPolicy_09.pdf) that Steve presented at the Santa Clara meeting. My proposal adds a finer granularity to restrict access to APIs based on application identity. 2. "Secure Cred Manager". This proposal is based on 1 above and is an API for retrieving securely stored data, "credentials", in the device. A major use case for this API is Social Networking Services web application application login to the service. I have a humble view on this and understand the security issues with JavaScript. However, by referencing existing security mechanisms such as Digital signing, TLS/SSL and WARP, I believe that such an API is possible. Furthermore, I realize that it is not possible to include this API in the phase 1 delivery from DAP but I want to have it in the list of "Future Work". Best regards Claes Claes Nilsson M.Sc.E.E Senior Staff Engineer CTO - R&T Europe - UI/App/Web Sony Ericsson Mobile Communications Phone: +46 10 80 15178 Mobile: +46 705 56 68 78 Switchboard: +46 10 80 00000 E-Mail: mailto:claes1.nilsson@sonyericsson.com Visiting Address; Nya Vattentornet SE-221 88 LUND, Sweden Disclaimer: The information in this e-mail is confidential and may be legally privileged. It is intended solely for the named recipient(s) and access to this e-mail by anyone else is unauthorized. The views are those of the sender and not necessarily the views of Sony Ericsson and Sony Ericsson accepts no responsibility or liability whatsoever or howsoever arising in connection with this e-mail.Any attachment(s) to this message has been checked for viruses, but please rely on your own virus checker and procedures. If you contact us by e-mail, we will store your name and address to facilitate communications. If you are not the intended recipient, please inform the sender by replying this transmission and delete the e-mail and any copies of it without disclosing it.
Attachments
- application/vnd.openxmlformats-officedocument.presentationml.presentation attachment: Secure Cred Manager.pptx
- application/vnd.openxmlformats-officedocument.presentationml.presentation attachment: File granularity access policy.pptx
Received on Tuesday, 15 December 2009 10:16:14 UTC