- From: Mays, David <David_Mays@Comcast.com>
- Date: Tue, 7 Jun 2011 17:43:26 +0000
- To: Web and TV Interest Group WG <public-web-and-tv@w3.org>
On today's call we discussed that there are some security issues around both the push and pull Application Migration use cases. For reference: http://www.w3.org/2011/webtv/wiki/HNTF/Home_Network_TF_Discussions/PullMigr ation http://www.w3.org/2011/webtv/wiki/HNTF/Home_Network_TF_Discussions/Document Migration I'm having trouble figuring out how to incorporate these concerns into the top-level security document here: http://www.w3.org/2011/webtv/wiki/HNTF/Home_Network_TF_Discussions/Security In one sense it's a security issue, given that pushing a malicious, inappropriate or undesired application could expose the system to a variety of attacks. It also could serve as a denial-of-service vector, assuming that such requests could flood a system and cause it to become unusable or unreachable. In another sense it's a User Experience (UX) issue that is somewhat separable from being a security concern. I think the basic principle here is that these actions are by their nature interruptive and therefore should require confirmation at the affected end of the transaction. E.g. When a user requests to push an application to a target device, the target should provide confirmation UI. Conversely, when a user requests to pull an application from another device, the source device should provide confirmation UI. Perhaps both of these activities (push/pull application migration) should be at least gated by the presence of a pairing relationship as described here: http://www.w3.org/2011/webtv/wiki/HNTF/Home_Network_TF_Discussions/Security #Device_Pairing Thoughts? Dave
Received on Wednesday, 8 June 2011 17:19:23 UTC