- From: Marcos Caceres <w3c@marcosc.com>
- Date: Thu, 17 Oct 2013 11:35:11 +0100
- To: Dominique Hazael-Massieux <dom@w3.org>
- Cc: public-web-mobile@w3.org
On Thursday, October 17, 2013 at 9:17 AM, Dominique Hazael-Massieux wrote: > Hi, > > As I have mentioned in a separate thread, "security" is often mentioned > as an area where developing on the Web is inferior to native. > > While some of these mentions are fairly hand-wavy, in general this > relates to: > * lack of encrypted storage > * impossibility to manage remotely locally-stored data for a given Web > app > * certificate/key management > * difficulty to protect against XSS/CSRF attacks > * difficulty to hide the code of the app (and thus greater exposure to > attacks) > > Virginie Galindo, one of the co-chairs of the Web Security IG, has > started a call for interest in the Web Security IG on developing a > clearer picture and set of requirements in this space: > http://lists.w3.org/Archives/Public/public-web-security/2013Oct/0002.html > > I hope the WebMob IG can provide assistance in this space. In > particular, it would be great to hear from people on this list of what > use cases they've found hard or impossible to implement via Web > technologies due to concern around security. This came up on the WebApps list from a developer: http://lists.w3.org/Archives/Public/public-webapps/2013OctDec/0188.html > Adding references on relevant articles and reports on this topic in > http://www.w3.org/wiki/Mobile/articles#Security_and_Web_apps would also > be very useful contributions. I know people are also asking for this in Firefox OS. https://bugzilla.mozilla.org/show_bug.cgi?id=877535 It would probably be good to track that too. There is probably an equivalent on the chromium side.
Received on Thursday, 17 October 2013 10:35:43 UTC