RE: Web Security IG - a proposal of actions from David Rogers on 2013-10-21 (public-web-security@w3.org from October 2013)

From: David Rogers <david.rogers@copperhorse.co.uk>
Date: Mon, 21 Oct 2013 12:06:32 +0100
To: "'Dominique Hazael-Massieux'" <dom@w3.org>, "'GALINDO Virginie'" <Virginie.GALINDO@gemalto.com>
Cc: <public-web-security@w3.org>, "'Wendy Seltzer'" <wseltzer@w3.org>
Message-ID: <00cd01cece4d$9c6d1040$d54730c0$@copperhorse.co.uk>

Dear all,

As some of you know I have been a very strong advocate of security in this area and I would like to contribute in any way I can.

I have been thinking about this for a while and some of the things that we need to concentrate on are:

* Basic developer documentation for security through webplatform.org (as has been discussed in webcrypto and webappsec) and clear documentation and understanding of the "web security model". (I have already agreed to kick this work off).
* Clear user-controllable / configurable boundaries between the outside "web world" and the local device
* Security-in-mind API design to allow for graceful failure as a result of user denial of access to particular features (e.g. device APIs / sysapps)

In the future I think we should also think about safety critical applications (i.e. in relation to automotive and mobile), but I think it is too early to consider this right now.

Thanks,


David.

-----Original Message-----
From: Dominique Hazael-Massieux [mailto:dom@w3.org] 
Sent: 17 October 2013 08:42
To: GALINDO Virginie
Cc: public-web-security@w3.org; Wendy Seltzer
Subject: Re: Web Security IG - a proposal of actions

Hi Virginie,

Le mercredi 16 octobre 2013 à 17:30 +0200, GALINDO Virginie a écrit :
> As announced by Wendy, I am now joining the Web Security IG team and I 
> shared with Adam and Wendy few topics I believe this IG could discuss. 
> So here is a proposal of topics we could focus in the coming months, 
> to bring back this IG to life :)
> 
> -       Mobile security
> We should support the web & mobile IG [1] to understand what are the 
> main security weaknesses in the web app model, compared to native app 
> model. This would help W3C to fill the gap in terms of security 
> feature for the mobile web.

As you know, I'm very interested on this topic, and will be available to help; a big part of the work that needs to be done here is identify what content/servie providers see as gaps, and document which of these gaps are real, and which have solutions but that are not sufficiently well-know.

Dom

Received on Monday, 21 October 2013 11:07:08 UTC