- From: Rob Manson <roBman@mob-labs.com>
- Date: Wed, 31 Aug 2011 10:55:03 +1000
- To: Marcos Caceres <marcosscaceres@gmail.com>
- Cc: Robin Berjon <robin@berjon.com>, Scott Wilson <scott.bradley.wilson@gmail.com>, public-native-web-apps@w3.org

Hi Marcos,

Off the top of my head there's a few issues it could raise even with
OAuth or similar in place.

- even with secured channels just the information that certain
  hosts are talking to your device & their frequency can reveal
  information
- sensor dependent distributed apps are then sensitive to new
  types of DoS attacks
- once this data is outside your device OAuth etc. can no longer
  control it
- visibility of what has been approved is important but then may
  clutter the UI

Plus I'm sure lots we haven't even thought of.

But I do think that sensor APIs are the "killer app" that are most
likely to really justify the need for web servers embedded in client
devices.

roBman

On Tue, 2011-08-30 at 20:40 -0400, Marcos Caceres wrote:
> Hi Rob,
>
> On Tuesday, 30 August 2011 at 07:59, Rob Manson wrote:
> > +1 to this opening up some interesting and valuable options for
> > distributed applications that share this sensor data across
> > devices...
> Absolutely!
>
> > however that also brings a world of security issues with it
> > too.
> >
> Let's assume the API was secured with some kind of OAuth-like thing. What other issues do you foresee?

Received on Wednesday, 31 August 2011 00:55:38 UTC