- From: Anne van Kesteren <annevk@annevk.nl>
- Date: Fri, 7 Nov 2014 11:59:51 +0100
- To: "Nilsson, Claes1" <Claes1.Nilsson@sonymobile.com>
- Cc: Martin Thomson <martin.thomson@gmail.com>, Mounir Lamouri <mounir@lamouri.fr>, "public-geolocation@w3.org" <public-geolocation@w3.org>, Mike West <mkwst@google.com>
On Fri, Nov 7, 2014 at 11:40 AM, Nilsson, Claes1 <Claes1.Nilsson@sonymobile.com> wrote:

> Thanks for your reply, Anne. I understand how http: provides the added security level based on the assumption that the user is capable of making an informed decision based on the origin of the web application. And let me just stress again that this is far better than the status quo.

The status quo requires the user to make a trust decision about the network in addition to the domain name. And by now we, the web standards bodies of this world, know the network to be insecure. So if we punt that decision about the network to the end user, we are effectively saying it's okay for a user's location to leak. To me, that does not seem acceptable.

> When I refer to a more general model for allowing access to sensitive APIs I can for example mention that we are implementing a model for "Trusted Hosted Web Applications" in FFOS. The model is based on a signed certificate containing CSP definitions and a list of permissions as well as secure transport and certificate pinning. This is probably too much for Geolocation but could be applicable for more sensitive APIs such as the SysApps TCP and UDP Socket API or a powerful Media Storage API. See slides 6-8 in
> http://lists.w3.org/Archives/Public/public-sysapps/2014Sep/att-0000/SoMC_FFOS_Trusted_Hosted_Apps.pdf.

That seems very much like a different issue, yes. (It's about someone other than the user trusting the code before it can run within the network of the user. Not sure if reinvention of the CA model is great though...)

-- 
https://annevankesteren.nl/
Received on Friday, 7 November 2014 11:00:18 UTC