
Re: The futile war between Native and Web

From: Jeffrey Walton <noloader@gmail.com>
Date: Mon, 16 Feb 2015 03:06:10 -0500
Message-ID: <CAH8yC8kJ=0mi-AiUPnLP=2rLqGfQZmS727QrsNghwj+LziGJDg@mail.gmail.com>
To: Florian Bösch <pyalot@gmail.com>
Cc: Anders Rundgren <anders.rundgren.net@gmail.com>, public-webapps WG <public-webapps@w3.org>

On Mon, Feb 16, 2015 at 1:48 AM, Florian Bösch <pyalot@gmail.com> wrote:
> On Sun, Feb 15, 2015 at 10:59 PM, Jeffrey Walton <noloader@gmail.com> wrote:
>>
>> For the second point, and as a security architect, I regularly reject
>> browser-based apps that operate on medium and high value data because
>> we can't place the security controls needed to handle the data. The
>> browser based apps are fine for low value data.
>
> I'm not sure what "high value data" is. But I'm fairly sure that just about
> any e-banking solution in existence is browser based. So I'm guessing your
> definition of "high value data" doesn't include banking access. You work for
> the NSA? Oh snap, the high value data just walked out there on a USB stick.

Each organization classifies its own data according to its own risk posture.

High value data would include, for example, Executive Compensation,
Pending Litigation, and Mergers & Acquisitions. Heck, even some movie
studios classify movie trailers as high value until they are released
in theaters.

I don't work for the NSA, but I have done a lot of work in US Federal
and the US DoD.

I have not drunk the Web 2.0 Kool-Aid. We still need security controls
commensurate with the data sensitivity level.

Jeff
Received on Monday, 16 February 2015 08:06:37 UTC
