Re: Hosted apps, was Re: Clarity over direction of work on runtime and security model?

On 2013-10-08 10:56, Nilsson, Claes1 wrote:
> Let me come back on these questions. I plan to have internal meetings 
> with security experts and hope to provide a more tangible proposal for hosted apps later.

The SE API introduces yet another security model because the SE in itself
constitutes a platform.  The latter is also a primary reason why the SE
discussions don't seem to go anywhere...

BR
Anders

> 
> BR
>   Claes
> 
>> -----Original Message-----
>> From: Marcos Caceres [mailto:w3c@marcosc.com]
>> Sent: den 7 oktober 2013 16:27
>> To: Nilsson, Claes1
>> Cc: Kenneth Rohde Christiansen; Dave Raggett; public-sysapps@w3.org;
>> Isberg, Anders
>> Subject: Re: Hosted apps, was Re: Clarity over direction of work on
>> runtime and security model?
>>
>>
>>
>> On Friday, September 27, 2013 at 3:39 PM, Nilsson, Claes1 wrote:
>>
>>> What could we achieve by using a signed manifest in combination with
>>> securely transported content?
>>>
>>
>> How does one sign the manifest? What format?
>>
>>> The manifest is signed by the app store and states that the url:
>>> https://www.foo.com/myapp is trusted. Content Security Policy is set to
>>> script-src 'self'. All script content must come from the same site, i.e.
>>> it should not be allowed to load script content from a 3rd party.
>>
>> The problem is that the server can still be hacked (e.g., the hosted
>> app loads an RSS feed or user comments).
>>> With this model the app store can revoke the manifest, similar to
>>> revocation of a packaged app.
>>>
>>
>> The WG does not have a "kill switch" AFAIK. I don't know if anyone even
>> implemented such a thing for W3C widgets in the old days.
>>
>> --
>> Marcos Caceres
>>
>>
> 

Received on Tuesday, 8 October 2013 09:28:27 UTC