Re: Web Security IG - a proposal of actions

Hi Virginie,

>Hi Paul,
>The web & mobile IG aims to deploy web apps on mobile, taking the benefit
>of that market and those devices, see
>Our security analysis should encompass webapp lifeccyle, and analyse all
>possible interactions of webapp on mobile with the rest of the world.
Ok - but what is a "webapp"?  I'm assuming that this includes applications
that may not communicate with the "web" but would use some set of web
derived protocols for communication.  Specifically for direct
device-to-device applications.

>Do you have specific application in mind related to "peer-to-peer
>security for mobile devices" ?

Yes.  Applications using non-celluar connected direct radio connections
using WI-Fi (or BLE, or LTE Direct).

New security models are being developed for peer-to-peer authentication
for the radio link that will have direct correspondence to the P2P
applications.  Not sure yet how this would map to a "webapp" view.


>-----Original Message-----
>From: Paul Lambert []
>Sent: mercredi 16 octobre 2013 19:16
>To: GALINDO Virginie;
>Cc: Wendy Seltzer; Paul Lambert
>Subject: Re: Web Security IG - a proposal of actions
> [...]
>>-       Mobile security
>>We should support the web & mobile IG [1] to understand what are the
>>main security weaknesses in the web app model, compared to native app
>>This would help W3C to fill the gap in terms of security feature for
>>the mobile web.
>Is this just mobile-to-web or is there any interest in direct
>peer-to-peer security for mobile devices?
>Please do not take into account the following notice
>This message and any attachments are intended solely for the addressees
>and may contain confidential information. Any unauthorized use or
>disclosure, either whole or partial, is prohibited.
>E-mails are susceptible to alteration. Our company shall not be liable
>for the message if altered, changed or falsified. If you are not the
>intended recipient of this message, please delete it and notify the
>Although all reasonable efforts have been made to keep this transmission
>free from viruses, the sender will not be liable for damages caused by a
>transmitted virus

Received on Friday, 18 October 2013 09:53:17 UTC