Re: Sensors API

On Tuesday, 30 August 2011 at 20:55, Rob Manson wrote: 
> Hi Marcos,
> 
> off the top of my head there's a few issues it could raise even with
> OAuth or similar in place.
> 
>  - even with secured channels just the information that certain
>  hosts are talking to your device & their frequency can reveal
>  information
agreed. 
> 
>  - sensor dependent distributed apps are then sensitive to new
>  types of DoS attacks
Right, there would have to be a good separation between the request and the response (i.e., responses could be cached to no flood the physical sensor)

>  - once this data is outside your device OAuth etc. can no longer
>  control it
True. Is that not a generic risk of making any data available? I'm thinking of weather station sensor data, for instance. 
> 
>  - visibility of what has been approved is important but then may
>  clutter the UI
which UI? 
> 
> Plus I'm sure lots we haven't even thought of.
It's a good start. 

> But I do think that sensor APIs are the "killer app" that are most
> likely to really justify the need for web servers embedded in client
> devices.
Agreed. Do you have any in particular ones in mind or any immediate use cases? 

> 
> roBman
> 
> 
> On Tue, 2011-08-30 at 20:40 -0400, Marcos Caceres wrote:
> > Hi Rob, 
> > 
> > On Tuesday, 30 August 2011 at 07:59, Rob Manson wrote:
> > > +1 to this opening up some interesting and valuable options for
> > > distributed applications that share this sensor data across
> > > devices...
> > Absolutely! 
> > 
> > > however that also brings a world of security issues with it
> > > too.
> > Lets assume the API was secured with some kind of OAuth-like thing. What other issues do you foresee? 

Received on Wednesday, 31 August 2011 03:34:48 UTC