- From: Mike Beltzner <beltzner@mozilla.com>
- Date: Mon, 30 Jul 2007 16:53:32 -0400
- To: <michael.mccormick@wellsfargo.com>
- Cc: <dan.schutzer@fstc.org>, <tlr@w3.org>, <public-wsc-wg@w3.org>
I think that fails as it creates an idea of a private web. I'm all for single-web-app-specific browsers (note: at an implementation level, these can actually be very small config files which just restrict a loaded instance of a browser) distributed by the party with the trust relationship between the user, should be used as a way of creating a reliable and private communication path. No URL bar, no loading clicks from email, the message becomes "Get the WhateverBank Home Banking Tool and manage your money!" cheers, mike On 30-Jul-07, at 4:34 PM, <michael.mccormick@wellsfargo.com> wrote: > The line is blurry at best. The browser I saw demo'd came pre-loaded > with shortcuts for about 30 popular web sites. It's not specific > to one > site (although it can be packaged that way). So to me it seems > similar > to SBM which also would come with a restricted list of trusted web > sites. > > -----Original Message----- > From: Mike Beltzner [mailto:beltzner@mozilla.com] > Sent: Monday, July 30, 2007 2:53 PM > To: Dan Schutzer > Cc: 'Thomas Roessler'; McCormick, Mike; public-wsc-wg@w3.org > Subject: Re: Authentium > > To be clear, I don't think this is "secure web browsing". I think this > is a "Some Bank's Home Banking Application" that happens to, under the > covers, use the protocols and technologies that we call "the web". > > cheers, > mike > > On 30-Jul-07, at 3:14 PM, Dan Schutzer wrote: > >> I agree that there are a number of vendors, and that the idea of >> talking Secure Web Browsing is that we can scale it up and get the >> mainstream vendors Mozilla, Microsoft etc supporting it. I think the >> timing might be right to start talking seriously as to how we can all >> work together to make this happen; launch some joint W3C/FSTC >> follow-on to the WSC. >> >> Dan Schutzer >> >> -----Original Message----- >> From: public-wsc-wg-request@w3.org [mailto:public-wsc-wg- >> request@w3.org] On Behalf Of Mike Beltzner >> Sent: Monday, July 30, 2007 2:56 PM >> To: Thomas Roessler >> Cc: michael.mccormick@wellsfargo.com; public-wsc-wg@w3.org >> Subject: Re: Authentium >> >> >> Mark Finkle, a Mozilla Technology Evangelist, has produced a set of >> binaries called "WebRunner" which is meant to make it easier to >> produce a HTML client that talks to a single web-application. He >> hasn't done any work vis-a-vis locking it down from a security >> perspective, but we could talk to him about adding that to his >> working list of requirements. >> >> I think there's some value into looking at organizations creating and >> distributing website specific apps, and it fits into a model of "web- >> backed widgetry" which is popular on mobile devices. >> >> cheers, >> mike >> >> On 30-Jul-07, at 1:57 PM, Thomas Roessler wrote: >> >>> >>> (Cutting the CC list down) >>> >>> On 2007-07-30 11:16:15 -0500, michael.mccormick@wellsfargo.com >>> wrote: >>> >>>> There are emerging vendors who offer a hardened web browser that >>>> only allows the user to access certain pre-vetted web sites. The >>>> one I saw demo'd today is based on the Mozilla code base. The UI >>>> looks like a stripped-down Firefox. While it's running all other >>>> Windows programs (inc. any key loggers or other malware) are more >>>> or less suspended. Only SSL communication is allowed. The >>>> browser also uses a private DNS server to avoid DNS poisoning and >>>> a signed URL list to avoid bookmark poisoning. >>> >>> I wonder how scalable this actually is, and how much it'll be used. >>> I've seen similar approaches demonstrated where the banking platform >>> was launched from a read-only Linux distribution (on CD), to defend >>> against any possible malware infestation. >>> >>> Regards, >>> -- >>> Thomas Roessler, W3C <tlr@w3.org> >>> >> >> >> >> > > >
Received on Monday, 30 July 2007 20:53:57 UTC