RE: W3M question on charter from Carr, Wayne on 2012-07-05 (public-sysapps@w3.org from July 2012)

From: Carr, Wayne <wayne.carr@intel.com>
Date: Thu, 5 Jul 2012 17:09:04 +0000
To: John Lyle <john.lyle@cs.ox.ac.uk>, "public-sysapps@w3.org" <public-sysapps@w3.org>
Message-ID: <52F8A45B68FD784E8E4FEE4DA9C6E52A3FBDB801@ORSMSX101.amr.corp.intel.com>

+1 on mentioning a range of possible inputs like these.

It's going to be a discussion topic for the wg whether there should be a single (restrictive) model like in some of the strawman docs or more a framework with more flexibility. 

>-----Original Message-----
>From: John Lyle [mailto:john.lyle@cs.ox.ac.uk]
>Sent: Tuesday, July 03, 2012 9:49 AM
>To: public-sysapps@w3.org
>Subject: Re: W3M question on charter
>
>On 03/07/12 10:41, Adam Barth wrote:
>> Boot2Gecko also has a security model document:
>>
>> https://wiki.mozilla.org/Apps/Security

>>
>> SysApps are likely to be a slice of that model (in the sense that
>> traditional web apps are also a slice), but it's likely something
>> worth considering as well.
>
>Dear all,
>
>While we are discussing related security models, it might also be worth
>considering some of the following as input:
>
>* The WAC core security specifications [1]
>* The BONDI App Security Framework [2]
>* Chrome extensions security model and permissions [3,4]
>* The webinos security model (currently being updated) [5]
>* The Widgets security model landscape analysis from 2008[6]
>* The security controls introduced by 'Gibraltar' as per this paper [7]
>
>I'm working on an analysis of these (and more) as part of the webinos project.  So
>far, all I've done is create a list of links and relevant related work, which you can
>find at [8].  I hope it will be helpful for this working group when it is finished.  I
>would very much appreciate suggestions or comments.
>
>Best regards,
>
>John
>
>
>
>[1] http://specs.wacapps.net/core/#security-and-privacy

>[2] http://www.omtp.org/OMTP_Application_Security_Framework_v2_2.pdf

>[3]
>http://code.google.com/chrome/extensions/trunk/apps/app_architecture.html

>[4] http://code.google.com/chrome/extensions/permission_warnings.html

>[5] http://dev.webinos.org/deliverables/wp3/d35.html

>[6] http://www.w3.org/TR/widgets-land/#security

>[7]
>https://www.usenix.org/conference/webapps12/gibraltar-exposing-hardware-

>devices-web-pages-using-ajax
>[8]
>https://docs.google.com/document/d/175vNhHLPdjYb7iwRBlLmSa3SsSIATpYZ7k

>pFyy-eYI0
>
>
>
>--
>John Lyle
>Research Assistant
>Department of Computer Science, University of Oxford
>http://www.cs.ox.ac.uk/people/john.lyle/

>
>
>

Received on Thursday, 5 July 2012 17:09:32 UTC