Re: Web Security IG - a proposal of actions from Paul Lambert on 2013-10-17 (public-web-security@w3.org from October 2013)

From: Paul Lambert <paul@marvell.com>
Date: Thu, 17 Oct 2013 11:33:51 -0700
To: GALINDO Virginie <Virginie.GALINDO@gemalto.com>, "public-web-security@w3.org" <public-web-security@w3.org>
CC: Wendy Seltzer <wseltzer@w3.org>, Paul Lambert <paul@nymbus.net>
Message-ID: <CE857A64.25E86%paul@marvell.com>

Hi Virginie,


>Hi Paul,
>
>The web & mobile IG aims to deploy web apps on mobile, taking the benefit
>of that market and those devices, see
>http://www.w3.org/2013/07/webmobile-ig-charter.html
>Our security analysis should encompass webapp lifeccyle, and analyse all
>possible interactions of webapp on mobile with the rest of the world.
Ok - but what is a "webapp"?  I'm assuming that this includes applications
that may not communicate with the "web" but would use some set of web
derived protocols for communication.  Specifically for direct
device-to-device applications.

>
>Do you have specific application in mind related to "peer-to-peer
>security for mobile devices" ?

Yes.  Applications using non-celluar connected direct radio connections
using WI-Fi (or BLE, or LTE Direct).

New security models are being developed for peer-to-peer authentication
for the radio link that will have direct correspondence to the P2P
applications.  Not sure yet how this would map to a "webapp" view.

Paul



>
>Virginie
>
>
>-----Original Message-----
>From: Paul Lambert [mailto:paul@marvell.com]
>Sent: mercredi 16 octobre 2013 19:16
>To: GALINDO Virginie; public-web-security@w3.org
>Cc: Wendy Seltzer; Paul Lambert
>Subject: Re: Web Security IG - a proposal of actions
>
> [...]
>>-       Mobile security
>>We should support the web & mobile IG [1] to understand what are the
>>main security weaknesses in the web app model, compared to native app
>>model.
>>This would help W3C to fill the gap in terms of security feature for
>>the mobile web.
>
>Is this just mobile-to-web or is there any interest in direct
>peer-to-peer security for mobile devices?
>
>Paul
>
>[...]
>
>==============================================
>
>Please do not take into account the following notice
>
>
>This message and any attachments are intended solely for the addressees
>and may contain confidential information. Any unauthorized use or
>disclosure, either whole or partial, is prohibited.
>E-mails are susceptible to alteration. Our company shall not be liable
>for the message if altered, changed or falsified. If you are not the
>intended recipient of this message, please delete it and notify the
>sender.
>Although all reasonable efforts have been made to keep this transmission
>free from viruses, the sender will not be liable for damages caused by a
>transmitted virus

Received on Friday, 18 October 2013 09:53:17 UTC