RE: Policy work items - request for proposals from Suresh Chitturi on 2009-11-02 (public-device-apis@w3.org from November 2009)

From: Suresh Chitturi <schitturi@rim.com>
Date: Mon, 2 Nov 2009 17:21:43 -0500
To: "Frederick Hirsch" <frederick.hirsch@nokia.com>, "W3C Device APIs and Policy WG" <public-device-apis@w3.org>
Message-ID: <B35D8F122C08BC43BBA1D02713D2BB5D07C0E743@XCH69YKF.rim.net>

Hi Frederick, all,

I would be happy to look at the security aspects in general for the
API/features and access control model for the same.

To be concrete I guess this translates to items 2 and 5? If there are
others who are also interested perhaps it can be a joint action item.

Regards,
Suresh

-----Original Message-----
From: public-device-apis-request@w3.org
[mailto:public-device-apis-request@w3.org] On Behalf Of Frederick Hirsch
Sent: Monday, November 02, 2009 2:15 PM
To: W3C Device APIs and Policy WG
Cc: Frederick Hirsch
Subject: Policy work items - request for proposals

During the morning F2F session I recorded the following somewhat  
independent work items:

1. trust model definition
2. access control model definition
3 capability definitions for APIs in DAP charter and related W3C APIs
4. features - definition
5 security considerations for each API,  privacy concerns for each  
API, definition of likely user prompts based on API functionality that  
have security implications (e.g. take picture query also gives  
security permission)
6 security threat models and countermeasures/ security use cases
7 Context for security decisions - what additional information can be  
included in decision
8. FileAPI security model and simplification

Is this list complete, are the items somewhat orthogonal?

Do we have volunteers to help with concrete proposals, especially for  
the list of capability definitions, API security considerations,  
security use cases/threats.

regards, Frederick

Frederick Hirsch, Nokia
Co-Chair, W3C DAP Working Group



---------------------------------------------------------------------
This transmission (including any attachments) may contain confidential information, privileged material (including material protected by the solicitor-client or other applicable privileges), or constitute non-public information. Any use of this information by anyone other than the intended recipient is prohibited. If you have received this transmission in error, please immediately reply to the sender and delete this information from your system. Use, dissemination, distribution, or reproduction of this transmission by unintended recipients is not authorized and may be unlawful.

Received on Monday, 2 November 2009 23:16:32 UTC