- From: Jeffrey Walton <noloader@gmail.com>
- Date: Sat, 12 Jul 2014 18:21:30 -0400
- To: public-webplatform@w3.org
Hello. I have a few questions on uses cases relating to web storage. First, WebCrypto is using local storage. If a user clears his data and cache, then does the action delete information from the WebCrypto folks? Here, the WebCrypto related information could be device or user provisioning information, a shared secret or password, or a public/private key pair. The use case outlined in Section 3.1 of http://www.w3.org/TR/webcrypto-usecases/. Second, if clearing data and cache does whack WebCrypto related material in local storage, then how does one ensure WebCrypto related information survives the deletion? Third is off-line web apps using local storage. Suppose a user creates a document. If a user clears his data and cache, then does the action delete the locally created documents? The use case is outlined in https://w3c-webmob.github.io/installable-webapps/ and friends. Fourth is backup of the data. What controls are available to ensure WebCrypto material and documents like those created locally are *not* backed up if so desired? Native apps give us, for example, `android:allowBackup=false` or `kCFURLIsExcludedFromBackupKey`. Fifth, is migration of the data. What controls are available to ensure WebCrypto material and documents like those created locally are *not* sent to a platform's cloud if so desired? Native apps provide us, for example, `com.apple.developer.ubiquity-container-identifiers` and `com.apple.developer.ubiquity-kvstore-identifier`, so their absence indicates *no* migration to a cloud. Sixth, cloud storage is being bundled with the platform. Is there a way reduce the coupling or sever the bundling? That is, suppose I run OpenStack or ownCloud (or utilize Amazon or RackSpace, etc) and I want to use it rather than Azure, iCloud or Google's storage. Is it possible to replace the provider? Finally, there's a corner case that mildly concerns me. I believe its a confused deputy problem or permission redelegation problem. The case is backup software performs its backup, and then the OS puts the backup on a laptop or in a cloud. Here's, there's a disconnect between the backup and OS, and collectively they don't understand the data is not to be migrated. Help in understanding the interactions and the security controls available would be greatly appreciated.
Received on Saturday, 12 July 2014 22:21:57 UTC