- From: Bryan Sullivan <blsaws@gmail.com>
- Date: Wed, 11 Apr 2012 13:32:41 -0400
- To: "public-tracking@w3.org" <public-tracking@w3.org>
Received on Wednesday, 11 April 2012 17:33:24 UTC
Here are two use cases, which illustrate some ongoing security concerns that are not specific to users rather focused on the overall service. Feedback as to whether these would be covered as "specific security concerns" under Jonathan's proposal, would be appreciated. WebRTC example: a 1st party Web conferencing site enables users to create 1-to-N peer connections with other users through various WebRTC service providers. To protect users and the overall service from fraudulent attempts to hack into conferences, the 1st party and 3rd party must authenticate users and log unique IDs per SLAs between them. Web & TV example: a 1st party site provides an accessibility-enhancing service which mashes up captions to video accessed from 3rd parties. To comply with parental control features offered through the 1st party site, the 3rd party site has to use unique IDs to verify user access to the content, and log attempts to access non-permitted content. Thanks, Bryan Sullivan
Received on Wednesday, 11 April 2012 17:33:24 UTC