Re: question on 4.1 explicit intents

On 13/6/12 07:38, Greg Billock wrote:
> Can you elaborate? The risk the language about intent delivery is
> addressed to is not a security concern, but to maintain a specific
> model of registration within the UA -- that it not silently register
> services and then dispatch to them without user involvement. For
> explicit intents, though, the client is specifically directing the
> user to a particular service -- there's no registration involved.
>
> Do you think the same thinking ought to apply here, though? That is,
> any dispatch, even explicit, to a particular service ought to be
> approved by the user?
JCD: The people I work with in the webinos project looked at the 
registration of the intent as the place in the process where they will 
insert security/policy checking.
They are concerned about the explicit intents and the lack of this 
registration check.
So our first reaction was to try to impose the registration check also 
for explicit intents.

After trying to write a scenario about a pirate page using an explicit 
intent "transferFunds" provided by a banking site, I realize that the 
intent registration may not provide for enough checking.
If such a sensitive intent existed, then I would not authorize its 
invocation from just any page, so at the intent registration time, I 
cannot "approve" it in general.
So the intent provider may need to do additional checking, but it has no
information on who is the invoker, right?

I believe there is something missing, the possibility of imposing more 
checks, depending on the sensitivity of the intent.
How would you "install" a security policy for intents on top of the
current spec?

Best regards
JC

-- 
JC Dufourd
Directeur d'Etudes/Professor
Groupe Multimedia/Multimedia Group
Traitement du Signal et Images/Signal and Image Processing
Telecom ParisTech, 37-39 rue Dareau, 75014 Paris, France
Tel: +33145817733 - Mob: +33677843843 - Fax: +33145817144

Received on Wednesday, 13 June 2012 08:52:09 UTC