- From: Anders Rundgren <anders.rundgren.net@gmail.com>
- Date: Mon, 16 Feb 2015 08:09:02 +0100
- To: Florian Bösch <pyalot@gmail.com>, noloader@gmail.com
- CC: public-webapps WG <public-webapps@w3.org>
On 2015-02-16 07:48, Florian Bösch wrote: > On Sun, Feb 15, 2015 at 10:59 PM, Jeffrey Walton <noloader@gmail.com <mailto:noloader@gmail.com>> wrote: > > For the second point, and as a security architect, I regularly reject > browser-based apps that operate on medium and high value data because > we can't place the security controls needed to handle the data. The > browser based apps are fine for low value data. > > I'm not sure what "high value data" is. But I'm fairly sure that just about any e-banking solution in existence is browser based. Unfortunately this is wrong and is why I started this thread. Mobile banking applications in Europe are usually featured as "Apps". This has multiple reasons; one is that there's no way to deal with client-side PKI and secure key storage in the mobile web. > So I'm guessing your definition of "high value data" doesn't include banking access. You work for the NSA? Oh snap, the high value data just walked out there on a USB stick. :-) Anders
Received on Monday, 16 February 2015 07:09:47 UTC