W3C Workshop on Security for Access to Device APIs from the Web from Ian B. Jacobs on 2008-09-30 (public-new-work@w3.org from September 2008)

From: Ian B. Jacobs <ij@w3.org>
Date: Tue, 30 Sep 2008 14:51:53 +0000
To: public-new-work@w3.org
Message-Id: <1222786313.3933.3.camel@localhost>

Hello,

I am pleased to announce the:

  W3C Workshop on Security for Access to Device APIs from the Web
  10-11 December 2008 in London, UK
  Hosted by Vodafone

  Call for Participation: 
  http://www.w3.org/2008/security-ws/

The goal of this workshop is to bring together people from a wide
variety of backgrounds (API designers, security experts, usability
experts, ...) to discuss the security challenges involved in allowing
Web applications and wigets to access the APIs that allow to control
these features, and to advise the W3C on appropriate next steps for any
gap that needs to be addressed with new technical work.

The Workshop is being chaired by Nick Allot (OMTP), and Thomas Roessler
(W3C). If you are interested in serving on the Program Committee, please
contact Dominique Hazaël-Massieux <dom@w3.org>.


===============
Important Dates
===============

 30 September:   Call for Participation issued
 30 October:     Deadline for position papers 
 17 November:    Acceptance notification sent
 20 November:    Program released
 25 November:    Deadline for Registration
 10-11 December: Workshop 

Registration details and information about expected audience are
in the Call for Participation. Please note that:

 - Attendance is open to everyone, including non-W3C Members, but
   each organization or individual wishing to participate must submit
   a position paper.
 - To ensure maximum diversity among participants, a limit may be
   imposed on the maximum number of participants per organization.
 - There is no registration fee.

=====================
Scope of the Workshop
=====================

The Workshop will focus on these areas:

  * Existing frameworks on desktop and mobile platforms to regulate
security policies for specific APIs,
      * Similarities and differences of the security approaches in
        desktop and mobile platforms, in a browser and in a widgets
        environment,
      * Usability of security relevant user interactions; issues and
        opportunities in the mobile environment,
      * Safe language and API subsets, and models for application use of
        such subsets,
      * Policy based trust delegation mechanisms,
      * Reducing the attack surface exposed by Web page scripts
      * Role of authentication of users and applications in securing API
        access,
      * Increasing awareness of good security practices for Web
        applications,
      * Usability of security and privacy policies,

We expect the discussions at this workshop to be relevant to the
following Working Groups:

      * Web Applications Working Group
      * Geolocation Working Group
      * Ubiquitous Web Applications Working Group
      * HTML Working Group
      * Web Security Context Working Group
-- 
Ian Jacobs (ij@w3.org)   http://www.w3.org/People/Jacobs/
Tel:                     +1 718 260-9447

Received on Tuesday, 30 September 2008 14:53:17 UTC