Use cases for consideration as "Ongoing Security Concerns" for 3rd parties

Here are two use cases, which illustrate some ongoing security concerns that
are not specific to users  rather focused on the overall service. Feedback
as to whether these would be covered as "specific security concerns" under
Jonathan's proposal, would be appreciated.

WebRTC example: a 1st party Web conferencing site enables users to create
1-to-N peer connections with other users through various WebRTC service
providers. To protect users and the overall service from fraudulent attempts
to hack into conferences, the 1st party and 3rd party must authenticate
users and log unique IDs per SLAs between them.

Web & TV example: a 1st party site provides an accessibility-enhancing
service which mashes up captions to video accessed from 3rd parties. To
comply with parental control features offered through the 1st party site,
the 3rd party site has to use unique IDs to verify user access to the
content, and log attempts to access non-permitted content.

Bryan Sullivan

Received on Wednesday, 11 April 2012 17:33:24 UTC