- From: John Lyle <john.lyle@cs.ox.ac.uk>
- Date: Tue, 03 Jul 2012 17:49:02 +0100
- To: public-sysapps@w3.org
On 03/07/12 10:41, Adam Barth wrote: > Boot2Gecko also has a security model document: > > https://wiki.mozilla.org/Apps/Security > > SysApps are likely to be a slice of that model (in the sense that > traditional web apps are also a slice), but it's likely something > worth considering as well. Dear all, While we are discussing related security models, it might also be worth considering some of the following as input: * The WAC core security specifications [1] * The BONDI App Security Framework [2] * Chrome extensions security model and permissions [3,4] * The webinos security model (currently being updated) [5] * The Widgets security model landscape analysis from 2008[6] * The security controls introduced by 'Gibraltar' as per this paper [7] I'm working on an analysis of these (and more) as part of the webinos project. So far, all I've done is create a list of links and relevant related work, which you can find at [8]. I hope it will be helpful for this working group when it is finished. I would very much appreciate suggestions or comments. Best regards, John [1] http://specs.wacapps.net/core/#security-and-privacy [2] http://www.omtp.org/OMTP_Application_Security_Framework_v2_2.pdf [3] http://code.google.com/chrome/extensions/trunk/apps/app_architecture.html [4] http://code.google.com/chrome/extensions/permission_warnings.html [5] http://dev.webinos.org/deliverables/wp3/d35.html [6] http://www.w3.org/TR/widgets-land/#security [7] https://www.usenix.org/conference/webapps12/gibraltar-exposing-hardware-devices-web-pages-using-ajax [8] https://docs.google.com/document/d/175vNhHLPdjYb7iwRBlLmSa3SsSIATpYZ7kpFyy-eYI0 -- John Lyle Research Assistant Department of Computer Science, University of Oxford http://www.cs.ox.ac.uk/people/john.lyle/
Received on Wednesday, 4 July 2012 06:57:03 UTC