Re: Staying on Topic [Was: Re: WebPortable/PlatformProprietary - An Established Concept] from Anders Rundgren on 2015-02-20 (public-webpayments@w3.org from February 2015)

From: Anders Rundgren <anders.rundgren.net@gmail.com>
Date: Fri, 20 Feb 2015 17:19:28 +0100
To: David Nicol <davidnicol@gmail.com>
CC: Arthur Barstow <art.barstow@gmail.com>, web Payments CG <public-webpayments@w3.org>
Message-ID: <54E75E90.5060806@gmail.com>

On 2015-02-20 16:45, David Nicol wrote:
> Ouch.  Hmm.  Aside from primary sources like
>
> http://blog.gmane.org/gmane.comp.capabilities.general/day=20150112
>
> and the occasional presentation on POLA best practices, it seems that "membrane/pore" as a security design pattern is woefully underdiscussed.
>
> What it means to *this researcher* is, the "membrane" describes the boundary controlling access to the access-controlled resource (the wet side) from the untrusted world (the dry side), and a "pore" is a mechanism provided by the membrane for allowing specific operations on the resource.
>
> In the nomenclature of C++, pores are public methods.

Thanx David for this explanation which closely follows what I have been planning to do
at a somewhat later stage.  Right now I'm "testing the waters" to see if W3C is a
useful place for dealing with this kind of project.  Given the limited feedback
on the concept and what it is supposed to do, this doesn't appear to be the case.

I can't even get folks listing possible alternatives for dealing with legacy security
solutions like smart cards in the web :-(

BTW, this topic has been "on the radar" like forever:
https://lists.w3.org/Archives/Public/public-identity/2011Nov/0030.html

Anders

>
>
>
> On Fri, Feb 20, 2015 at 8:09 AM, Anders Rundgren <anders.rundgren.net@gmail.com <mailto:anders.rundgren.net@gmail.com>> wrote:
>
>     On 2015-02-19 20:53, David Nicol wrote:
>
>
>         On Thu, Feb 19, 2015 at 9:16 AM, Anders Rundgren <anders.rundgren.net@gmail.com <mailto:anders.rundgren.net@gmail.com> <mailto:anders.rundgren.net@__gmail.com <mailto:anders.rundgren.net@gmail.com>>> wrote:
>
>         http://webpki.org/papers/__web2native-bridge.pdf <http://webpki.org/papers/web2native-bridge.pdf>
>
>
>         Looks like a fine candidate for rewriting using "membrane/pore" language
>
>
>     Whow!  I have no idea what that means and I couldn't find it using Google either.
>
>
> So anyway all I was saying was, I am aware of this powerful metaphor, membrane/pore, that could be well used to analyze the problem discussed in that paper. The rest of the thought was, by generalizing into a message-passing idiom, a lot of implementation details about what is native and what is not start seeming trivial.
>
> GOOD MORNING!!!!!
>
>

Received on Friday, 20 February 2015 16:20:05 UTC