- From: Marcos Caceres <marcosscaceres@gmail.com>
- Date: Tue, 30 Aug 2011 23:34:13 -0400
- To: roBman@mob-labs.com
- Cc: Robin Berjon <robin@berjon.com>, Scott Wilson <scott.bradley.wilson@gmail.com>, public-native-web-apps@w3.org
On Tuesday, 30 August 2011 at 20:55, Rob Manson wrote: > Hi Marcos, > > off the top of my head there's a few issues it could raise even with > OAuth or similar in place. > > - even with secured channels just the information that certain > hosts are talking to your device & their frequency can reveal > information agreed. > > - sensor dependent distributed apps are then sensitive to new > types of DoS attacks Right, there would have to be a good separation between the request and the response (i.e., responses could be cached to no flood the physical sensor) > - once this data is outside your device OAuth etc. can no longer > control it True. Is that not a generic risk of making any data available? I'm thinking of weather station sensor data, for instance. > > - visibility of what has been approved is important but then may > clutter the UI which UI? > > Plus I'm sure lots we haven't even thought of. It's a good start. > But I do think that sensor APIs are the "killer app" that are most > likely to really justify the need for web servers embedded in client > devices. Agreed. Do you have any in particular ones in mind or any immediate use cases? > > roBman > > > On Tue, 2011-08-30 at 20:40 -0400, Marcos Caceres wrote: > > Hi Rob, > > > > On Tuesday, 30 August 2011 at 07:59, Rob Manson wrote: > > > +1 to this opening up some interesting and valuable options for > > > distributed applications that share this sensor data across > > > devices... > > Absolutely! > > > > > however that also brings a world of security issues with it > > > too. > > Lets assume the API was secured with some kind of OAuth-like thing. What other issues do you foresee?
Received on Wednesday, 31 August 2011 03:34:48 UTC