RE: Web Security IG - a proposal of actions

Hello Virginie and Dominique,

I am also very interested on the topic -mobile security- and available for any discussion. I think one of the difficulties here is also that by saying native we sometimes/mostly refer to an hardware component or a software function with hardware support. Since I guess the standard cannot be based on a specific hardware feature, I believe some and correct level of abstraction is needed based on, as Dominique pointed out, the gaps seen by different industries, so the spec may not directly depend on whatever hardware there is, but the security concepts that is introduced by having such software/hardware components in the system.



From: Dominique Hazael-Massieux <>
Sent: Thursday, October 17, 2013 10:41
To: GALINDO Virginie
Cc:; Wendy Seltzer
Subject: Re: Web Security IG - a proposal of actions

Hi Virginie,

Le mercredi 16 octobre 2013 à 17:30 +0200, GALINDO Virginie a écrit :
> As announced by Wendy, I am now joining the Web Security IG team and I shared with Adam and Wendy few topics I believe this IG could discuss. So here is a proposal of topics we could focus in the coming months, to bring back this IG to life :)
> -       Mobile security
> We should support the web & mobile IG [1] to understand what are the
> main security weaknesses in the web app model, compared to native app
> model. This would help W3C to fill the gap in terms of security
> feature for the mobile web.

As you know, I'm very interested on this topic, and will be available to
help; a big part of the work that needs to be done here is identify what
content/servie providers see as gaps, and document which of these gaps
are real, and which have solutions but that are not sufficiently



Bu e-posta mesajı ve ekleri gönderildiği kişi ya da kuruma özeldir ve gizlidir. Ayrıca hukuken de gizli olabilir. Hiçbir şekilde üçüncü kişilere açıklanamaz ve yayınlanamaz. Mesajın yetkili alıcısı değilseniz hiçbir kısmını kopyalayamaz, başkasına gönderemez veya hiçbir şekilde kullanamazsınız. Eğer mesajın yetkili alıcısı veya yetkili alıcısına iletmekten sorumlu kişi siz değilseniz, lütfen mesajı sisteminizden siliniz ve göndereni uyarınız. Gönderen ve POZITRON YAZILIM A.Ş., bu mesajın içerdiği bilgilerin doğruluğu, bütünlüğü ve güncelliği konusunda bir garanti vermemektedir. Mesajın içeriğinden, iletilmesinden, alınmasından, saklanmasından, gizliliğinin korunamamasından, virüs içermesinden ve sisteminizde yaratabileceği zararlardan Şirketimiz sorumlu tutulamaz.

This e-mail and its attachments are private and confidential to the exclusive use of the individual or entity to whom it is addressed. It may also be legally confidential. Any disclosure, distribution or other dissemination of this message to any third party is strictly prohibited. If you are not the intended recipient, you may not copy, forward, send or use any part of it.. If you are not the intended recipient or the person who is responsible to transmit to the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message and its attachments. The sender and POZITRON YAZILIM A.S. do not warrant for the accuracy, currency, integrity or correctness of the information in the message and its attachments. POZITRON YAZILIM A.S. shall have no liability with regard to the information contained in the message, its transmission, reception, storage, preservation of confidentiality, viruses or any damages caused in anyway to your computer system.

Received on Thursday, 17 October 2013 09:24:13 UTC