- From: Wonsuk Lee <wonsuk11.lee@samsung.com>
- Date: Wed, 30 Jan 2013 16:38:01 +0900
- To: 'John Lyle' <john.lyle@cs.ox.ac.uk>
- Cc: public-sysapps@w3.org
- Message-id: <02de01cdfebc$bbb1c970$33155c50$@samsung.com>
Hi. John. From: John Lyle [mailto:john.lyle@cs.ox.ac.uk] Sent: Tuesday, January 29, 2013 7:26 PM To: public-sysapps@w3.org Subject: Re: Request to make one proposal for execution model and security model On 29/01/13 00:18, Wonsuk Lee wrote: Hi. Colleagues. So far we had three proposals[1][2][3] for execution model and security model from Oxford, Mozilla and Samsung electronics. Conceptually large parts of Mozilla and Samsung's proposals are overlapped, so I would like to ask the editors of these proposals to merge as a one proposal. Hi Wonsuk, I think there is a question about whether this deliverable ought to contain detailed information about the manifest and packaging format, or whether this was going to be dealt with in the Web Apps group. It seems from Chaal's email of the 11th January that it doesn't matter too much where the work is done. Either way, I suggest that there's value in separating the deliverable into (1) the packaging and manifest format, (2) security and execution model, with (2) defining some requirements that (1) will satisfy. The Samsung proposal does (2) rather nicely, in my opinion. The benefit of this is that it makes the security model relevant for those of us using the Widget packaging standards. (Wonsuk) Thanks for your suggestion. I am not which way is the best. But in personal I agreed with Chaal's opinion, so I think this spec would include all of detail information about the manifest and packaging format. Because these stuffs are closely related with execution model and security model. Best regards, Wonsuk. In addition, concerning to security model, we had proposal from John Lyle of Oxford. So I think it would be great if this is harmonized with security part of merged one. What do you think? The purpose of the security model we proposed (which is essentially the webinos security model) was primarily to get agreement (or create discussion) on the threat model, assets, terminology and some other broad principles. That hasn't happened, unfortunately, but the proposals by Samsung and Mozilla broadly satisfy most of the requirements expressed (The Samsung proposal perhaps more). It's worth mentioning that there remain some points of disagreement between the three documents, but nothing insurmountable. I would be happy to contribute to a merged proposal of [2] and [3] to help add further content about the threat model and requirements, if the editors think this would be helpful. [1] http://sysapps.github.com/sysapps/proposals/SecurityModel/RequirementsForSec urityModel.html [2] http://sysapps.github.com/sysapps/proposals/RunTime-Security/Overview.html [3] http://sysapps.github.com/sysapps/proposals/Sysapps-Runtime/Overview.html Best wishes, John
Received on Wednesday, 30 January 2013 07:38:32 UTC