- From: Rigo Wenning <rigo@w3.org>
- Date: Mon, 14 Sep 2015 19:08:49 +0200
- To: Henry Story <henry.story@co-operating.systems>
- Cc: public-web-security@w3.org, Mike O'Neill <michael.oneill@baycloud.com>, Anders Rundgren <anders.rundgren.net@gmail.com>, public-webappsec@w3.org
- Message-ID: <12224619.VvVKkCde7X@hegel>
Henry,

On Monday 14 September 2015 16:10:44 Henry Story wrote:
> Just a note that there is a parallel discussion happening
> on the TAG mailing list arguing about the relation between
> SOP and User Control, that is: between a technical and a legal
> concept.
>
> My contributions there go in the direction of what Rigo is arguing
> here, that is that these are separate concepts, that cannot be applied
> willy nilly without careful argument. See:
> https://lists.w3.org/Archives/Public/www-tag/2015Sep/0033.html
> https://lists.w3.org/Archives/Public/www-tag/2015Sep/0038.html
>
> But the whole discussion this September on the TAG is really revolving
> around this topic.

Thanks for the cross-linking. The same argumentation has already been used during the rechartering of the WebCrypto Group.

The privacy argument used by people from one of the largest origins is funny at best. If I use my token with A and I use my token with B, A and B have to communicate to find out that I used them both. If I use my super large origin to have analytics here and advertisement there and social networking over there, all the identified data is collected by the super same origin. This makes the privacy argument in this discussion so interesting. Especially as it gives the big players that are already close to monopoly yet another competitive advantage.

After having read the thread, I persist in believing that Henry and Tim talk about apples (theirs :) and Alex and others are talking about oranges. This profound split in philosophy makes dialog and understanding so hard (If it is at all wanted)

Let me explain:

Henry uses his computer and is a user on his machine/mobile. It happens that he accidentally uses a social network or some javascript cloud word processor. His browser mediates his user on his machine to the world. It is a tool to use services and to protect from those services.

Alex uses his computer as a frontend to his cloud-identity. His user is his account on the social networking service that is integrated with his word processor and his document store. His browser is a necessary thing on some device so he can use his service. The browser is something that shouldn't create more risk for the user on his account.

Once you think account-centric and super-service, it starts to make sense. You don't want to have interference from third parties or data leaks or vulnerabilities. You trust the service, not the browser.

Henry doesn't necessarily trust the service or the network in between. He only wants to communicate with a specific counterpart. To do that, he needs to have a secret/means to work without being watched by the server.

Both models come up again and again, e.g. in WebRTC (exposing IP address discussion).

Can both co-exist? I think yes, others think no. For those who think "yes", the proposition of HaSec makes sense:
http://www.w3.org/2015/hasec/2015-hasec-charter.html

For those thinking no, this is not in line with web architecture as it creates another dimension that is hard to capture in a service account.

Feel free to forward to the TAG if you think it makes sense.

--Rigo
Received on Monday, 14 September 2015 17:09:11 UTC