- From: Giles Hogben <Giles.Hogben@enisa.europa.eu>
- Date: Wed, 13 Aug 2008 14:22:20 +0300
- To: <public-pling@w3.org>
- Message-ID: <3FA6AD22F0D6E64B81E89647A2A1C0E1B926F9@dimitra.net1.enisa.europa.eu>

Dear All,

ENISA (European Network and Information Security Agency) has commissioned a survey to be conducted by research company YouGov on Web 2.0 security and privacy issues. The aim is to collect data on the attitudes and experiences of end-users wrt security and privacy in Web 2.0 scenarios. This will be input to a paper we will issue in November on Web 2.0 security and privacy aimed at political decision-makers.

We are currently soliciting suggestions for questions. Pling members will doubtless have many useful suggestions. If your organisation would like to propose some questions in this area, please send me (giles.hogben@enisa.europa.eu) your suggestions by Monday 18th August.

Here are some examples of proposed questions so far:

* I have problems figuring out whether a source is trustworthy
* I give away my email account details to invite friends to a social application
* I have had problems resolving a dispute arising from a Web 2.0 application.
* It is easy to verify a person's age reliably
* I can control the use of my personal information in social networks. (Perhaps "I have been surprised by use of personal information in social networks")
* Have you ever refused to enter data on a website because the website appears untrustworthy? Because of privacy concerns?
* Would you use an online banking aggregation service?
* Service providers should censor content to protect minors.
* Which of the following are Web 2.0 features (end-user content, SOA, rich user-interfaces ....)

FYI our working definition of Web 2.0 is:

• Rich browser-based applications including Asynchronous Javascript XML (AJAX) and flash applications.
• End-user-generated web content: content generated using a browser-based application rather than being uploaded directly to a web-server. Such content is often subject to radically different or less well-defined security and regulatory regimes from content generated and controlled directly by the service-provider.
• Client-side code, community-based widgets, user-defined code, community-based software, Ajax, IFrames, etc...
• Co-operative dynamic services deriving content and functionality from multiple sources, jurisdictions and Legal Entities. Examples are so-called mash-ups and dynamically composed web-services and content syndication. E.g. Opensocial, Google Mashups etc...

Regards,

Giles Hogben
Network Security Policy Expert
European Network & Information Security Agency (ENISA)
Tel: +30 2810 391892
Fax: +30 2810 39000

Received on Wednesday, 13 August 2008 11:22:59 UTC