Re: Runtime and Security Model for Web Applications

Dear John,

The "Security Requirements for System Applications" document that you 
submitted is a good read. I think it will be a good base for further work.
I have two comments, or rather clarification requests:

1. Section 6.1 reads:
" It [the execution environment] shall by default disable applications 
with no signature or with signatures from entities with unrecoginsed 
root certificates. However, the exection environment may allow 
signatures from entities with an unrecognised root certificate if a 
device owner explicitly permits this."

What is the rationale behind completely disabling apps without 
signatures and restricting those with untrusted root (this includes 
self-signed certs)? Isn't this a bit too restrictive?
BTW, there's a typo: "exection".

2. Section 10.1 reads:
"System applications shall not be allowed to execute inline javascript 
nor shall they be able to execute string-to-JavaScript methods such as 
eval and function."

What do you mean by "function"? Is it the Function() constructor? 
Shouldn't setTimeout and setInterval be included here as well?

Best regards,
Janusz Majnert
Samsung Electronics Poland
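
To illustrate the string-to-JavaScript sinks raised in the second question (eval, the Function() constructor, and the string forms of setTimeout/setInterval), here is an added example that is not part of this thread or of the SysApps document. The sandbox object, the shim and the audit are constructed for illustration only; a real execution environment enforces such a rule itself rather than through a shim.

```javascript
// Raised by the shim whenever a string would be turned into code.
class StringCodeError extends Error {}

// Constructed stand-in for a runtime's globals: a copy, so the real globals of
// the host running this example are left untouched.
function makeSandbox() {
  const g = globalThis;
  return { eval: g.eval, Function: g.Function, setTimeout: g.setTimeout,
           setInterval: g.setInterval, clearTimeout: g.clearTimeout };
}

// Wraps a timer so that setTimeout("code", ms) style calls, which browsers
// treat as an implicit eval, are refused while function callbacks still work.
function guardTimer(orig) {
  return function guarded(cb, ...rest) {
    if (typeof cb !== 'function') throw new StringCodeError('string timer handler');
    return orig.call(this, cb, ...rest);
  };
}

// Disables the string-to-JavaScript sinks named in the thread. Known limit: the
// global name Function can be replaced, but (function(){}).constructor still
// reaches the real constructor, so the execution environment itself must enforce this.
function hardenGlobals(g) {
  const deny = () => { throw new StringCodeError('string-to-JavaScript disabled'); };
  g.eval = deny;
  g.Function = deny;
  g.setTimeout = guardTimer(g.setTimeout);
  g.setInterval = guardTimer(g.setInterval);
  return g;
}

// Probes each sink: 'open', 'blocked' (by the shim) or 'refused-by-host'
// (the host itself rejected the call, as Node does for string timer handlers).
function auditSinks(g) {
  const probes = {
    eval: () => g.eval('1 + 1'),
    functionCtor: () => g.Function('return 1 + 1')(),
    setTimeoutString: () => g.clearTimeout(g.setTimeout('1 + 1', 0)),
    setIntervalString: () => g.clearTimeout(g.setInterval('1 + 1', 0)),
    setTimeoutFunction: () => g.clearTimeout(g.setTimeout(() => {}, 0)),
    indirectFunctionCtor: () => (function () {}).constructor('return 1 + 1')(),
  };
  const report = {};
  for (const [name, probe] of Object.entries(probes)) {
    try { probe(); report[name] = 'open'; }
    catch (e) { report[name] = e instanceof StringCodeError ? 'blocked' : 'refused-by-host'; }
  }
  return report;
}
```

Running the audit before and after hardenGlobals() shows eval, Function and the string timer forms closed while function callbacks keep working, and the indirect constructor path still open, which is the gap only the environment can close.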


On 2012-12-29 18:26, John Lyle wrote:
> Dear all,
>
> I have submitted a 'Security Requirements for System Applications'
> document as a base for the execution and security model deliverables.
>
> http://sysapps.github.com/sysapps/proposals/SecurityModel/RequirementsForSecurityModel.html
>
> It was our belief that a set of requirements would be the most useful
> contribution at this stage, rather than a full deliverable
> specification.  It is drawn from a range of sources, as documented on
> the sysapps wiki page, as well as our experiences with webinos.  The
> main challenge was the relatively small number of use cases and
> scenarios available at present.
>
> Comments and improvements would be welcome as this is also at a very
> early stage.   I am grateful to Claes who has already provided some
> feedback and suggestions.  I haven't had a chance to look at Mounir's
> proposal yet but I hope to provide some feedback in the new year.
>
> Best wishes,
>
> John
>
> On 28/12/12 20:20, Mounir Lamouri wrote:
>> Hi,
>>
>> On behalf of Mozilla, I would like to propose the following document as
>> a base to work on the 'Execution Model' and the 'Security Model'
>> deliverables for this Working Group's Phase 1:
>> http://mounirlamouri.github.com/sysapps/proposals/RunTime-Security/Overview.html
>>
>> As you might understand, this document is in a very early stage but
>> should hopefully be enough to start the discussions.
>>
>> Cheers,
>> --
>> Mounir

Received on Wednesday, 2 January 2013 18:34:23 UTC