- From: Giuseppe Pascale <giuseppep@opera.com>
- Date: Mon, 18 Apr 2011 16:18:48 +0200
- To: "public-web-and-tv@w3.org" <public-web-and-tv@w3.org>, "Matt Hammond" <matt.hammond@rd.bbc.co.uk>

Matt,
I see your case now, I'll add it to the list.

Using pairing is indeed a possible solution, but I'm wondering if this security problem is more related to the shared nature of the device than to the Home Networking technology itself, and if this could/should be more a concern for the device manufacturer; for example STB/TV could use a master password to enable/disable this functionality, an OS could rely on normal user permissions and so on.

/g

On Mon, 18 Apr 2011 15:46:46 +0200, Matt Hammond <matt.hammond@rd.bbc.co.uk> wrote:

> hi Giuseppe,
>
> Apologies - I did not properly explain the difference:
>
> I refer to a use case where, for example, the owner of the TV may wish
> to prevent other members of the household from using websites to remote
> control it unless he grants permission. In this circumstance, not only
> might the user of the website need to grant the website permission, but
> also a privileged user of the TV (or other device) may need to authorise
> it too.
>
> With a pairing code approach, this can be achieved if only certain users
> can access the pairing setup part of the user interface on the device to
> be controlled.
>
>
> regards
>
>
> Matt
>
> On Mon, 18 Apr 2011 14:41:52 +0100, Giuseppe Pascale
> <giuseppep@opera.com> wrote:
>
>> On Mon, 18 Apr 2011 14:16:28 +0200, Matt Hammond
>> <matt.hammond@rd.bbc.co.uk> wrote:
>>
>>> Hi Giuseppe,
>>>
>>> Another class of security concern could be access by unauthorised
>>> users (via their personal devices). For example, a family may wish to
>>> prevent any website that the children view on their PCs or phones from
>>> being able to query and/or control other devices on the home network
>>> (such as the lounge TV) unless explicitly authorised to do so.
>>>
>> Agree, in my opinion this was listed under the first bullet of
>> "Malicious attacks"
>> "An external server can control an HN device (e.g. send spam to your
>> printer)"
>>
>> /g
>>> The pairing code mechanism you suggest is one possible way of
>>> achieving this.
>>>
>>> regards
>>>
>>>
>>>
>>> Matt
>>>
>>>
>>> On Mon, 18 Apr 2011 13:06:34 +0100, Giuseppe Pascale
>>> <giuseppep@opera.com> wrote:
>>>
>>>> Hi all,
>>>> we have discussed in several places (workshop, this mailing list,
>>>> etc) how important it is to address privacy and security concerns
>>>> around Home Networking Technologies.
>>>>
>>>> In order to trigger some discussion, I started a new document about
>>>> Security.
>>>> The idea behind this document is to collect all reasonable concerns
>>>> and a list of possible solutions.
>>>> I don't think it is in the scope for this TF to decide on one solution,
>>>> but I think it would be valuable if this group could come up with an
>>>> analysis and a list of suggestions for a WG to work on.
>>>>
>>>> The document is as usual available on the wiki
>>>> http://www.w3.org/2011/webtv/wiki/HNTF/Home_Network_TF_Discussions/Security
>>>>
>>>> I'm sure there are more things that can be written, so feel free to
>>>> comment on it and propose extensions or corrections to it.
>>>>
>>>>
>>>> /g
>>>
>>>
>>
>>
>
>

--
Giuseppe Pascale
TV & Connected Devices
Opera Software - Sweden

Received on Monday, 18 April 2011 14:13:28 UTC