- From: Mike Beltzner <beltzner@mozilla.com>
- Date: Mon, 30 Jul 2007 15:52:55 -0400
- To: "Dan Schutzer" <dan.schutzer@fstc.org>
- Cc: "'Thomas Roessler'" <tlr@w3.org>, <michael.mccormick@wellsfargo.com>, <public-wsc-wg@w3.org>
To be clear, I don't think this is "secure web browsing". I think this is a "Some Bank's Home Banking Application" that happens to, under the covers, use the protocols and technologies that we call "the web". cheers, mike On 30-Jul-07, at 3:14 PM, Dan Schutzer wrote: > I agree that there are a number of vendors, and that the idea of > talking > Secure Web Browsing is that we can scale it up and get the mainstream > vendors Mozilla, Microsoft etc supporting it. I think the timing > might be > right to start talking seriously as to how we can all work together > to make > this happen; launch some joint W3C/FSTC follow-on to the WSC. > > Dan Schutzer > > -----Original Message----- > From: public-wsc-wg-request@w3.org [mailto:public-wsc-wg- > request@w3.org] On > Behalf Of Mike Beltzner > Sent: Monday, July 30, 2007 2:56 PM > To: Thomas Roessler > Cc: michael.mccormick@wellsfargo.com; public-wsc-wg@w3.org > Subject: Re: Authentium > > > Mark Finkle, a Mozilla Technology Evangelist, has produced a set of > binaries called "WebRunner" which is meant to make it easier to > produce a HTML client that talks to a single web-application. He > hasn't done any work vis-a-vis locking it down from a security > perspective, but we could talk to him about adding that to his > working list of requirements. > > I think there's some value into looking at organizations creating and > distributing website specific apps, and it fits into a model of "web- > backed widgetry" which is popular on mobile devices. > > cheers, > mike > > On 30-Jul-07, at 1:57 PM, Thomas Roessler wrote: > >> >> (Cutting the CC list down) >> >> On 2007-07-30 11:16:15 -0500, michael.mccormick@wellsfargo.com wrote: >> >>> There are emerging vendors who offer a hardened web browser that >>> only allows the user to access certain pre-vetted web sites. The >>> one I saw demo'd today is based on the Mozilla code base. The UI >>> looks like a stripped-down Firefox. While it's running all other >>> Windows programs (inc. any key loggers or other malware) are more >>> or less suspended. Only SSL communication is allowed. The >>> browser also uses a private DNS server to avoid DNS poisoning and >>> a signed URL list to avoid bookmark poisoning. >> >> I wonder how scalable this actually is, and how much it'll be used. >> I've seen similar approaches demonstrated where the banking platform >> was launched from a read-only Linux distribution (on CD), to defend >> against any possible malware infestation. >> >> Regards, >> -- >> Thomas Roessler, W3C <tlr@w3.org> >> > > > >
Received on Monday, 30 July 2007 19:53:13 UTC