- From: John Lyle <john.lyle@cs.ox.ac.uk>
- Date: Tue, 29 Jan 2013 10:26:04 +0000
- To: public-sysapps@w3.org
- Message-ID: <5107A3BC.60302@cs.ox.ac.uk>
On 29/01/13 00:18, Wonsuk Lee wrote: > > Hi. Colleagues. > > So far we had three proposals[1][2][3] for execution model and > security model from Oxford, Mozilla and Samsung electronics. > Conceptually large parts of Mozilla and SamsungĄ¯s proposals are > overlapped, so I would like to ask the editors of these proposals to > merge as a one proposal. > Hi Wonsuk, I think there is a question about whether this deliverable ought to contain detailed information about the manifest and packaging format, or whether this was going to be dealt with in the Web Apps group. It seems from Chaal's email of the 11th January that it doesn't matter too much where the work is done. Either way, I suggest that there's value in separating the deliverable into (1) the packaging and manifest format, (2) security and execution model, with (2) defining some requirements that (1) will satisfy. The Samsung proposal does (2) rather nicely, in my opinion. The benefit of this is that it makes the security model relevant for those of us using the Widget packaging standards. > In addition, concerning to security model, we had proposal from John > Lyle of Oxford. So I think it would be great if this is harmonized > with security part of merged one. What do you think? > The purpose of the security model we proposed (which is essentially the webinos security model) was primarily to get agreement (or create discussion) on the threat model, assets, terminology and some other broad principles. That hasn't happened, unfortunately, but the proposals by Samsung and Mozilla broadly satisfy most of the requirements expressed (The Samsung proposal perhaps more). It's worth mentioning that there remain some points of disagreement between the three documents, but nothing insurmountable. I would be happy to contribute to a merged proposal of [2] and [3] to help add further content about the threat model and requirements, if the editors think this would be helpful. > [1] > http://sysapps.github.com/sysapps/proposals/SecurityModel/RequirementsForSecurityModel.html > > [2] > http://sysapps.github.com/sysapps/proposals/RunTime-Security/Overview.html > > [3] > http://sysapps.github.com/sysapps/proposals/Sysapps-Runtime/Overview.html > > Best wishes, John
Received on Tuesday, 29 January 2013 10:26:27 UTC