- From: Jeff Sayre <jeff@sayremedia.com>
- Date: Mon, 7 Mar 2011 15:33:57 -0800
- To: "Melvin Carvalho" <melvincarvalho@gmail.com>
- Cc: "WebID XG" <public-xg-webid@w3.org>

I am aware of the webid.info site but did not know that it uses client-side storage and Web Sockets.

The question I have is, as it at least pertains to enterprise apps, what are the security risks of trusting browser-processed data? Can a WebID help sufficiently in alleviating those concerns so that enterprise apps even consider leveraging HTML5's client-side processing and storage features?

I realize that it is possible to offer some semblance of security, but what are the issues that we need to consider, to address in this scenario?

Jeff

> Hi Jeff
>
> Just wondering if you have looked at the demo at
>
> http://webid.info/
>
> Uses .js crypto, client side storage and sockets ...
>
> Best
> Melvin
>
> On 7 March 2011 22:37, Jeff Sayre <jeff@sayremedia.com> wrote:
>> As I was working on the WebID use cases document this afternoon, it
>> occurred to me that we will soon see HTML5-powered applications offering
>> client-side data storage and processing using HTML5’s Web Storage and Web
>> SQL Database APIs. We need to consider the implications.
>>
>> What will it mean for WebID as Web applications can be built that persist
>> data entirely on the client, or at least store data on the client for
>> processing and even offline consumption?
>>
>> HTML5 will in essence make it possible to preserve state and allow for
>> application processing to occur on client-side devices. Instead of a fat
>> application server entirely responsible for CRUD operations, it will be
>> possible to create web apps that turn browsers into fat-clients.
>>
>> Is there a way for WebID to allow for enterprise applications to trust the
>> browser to process application logic securely?
>>
>> I searched W3C resources to see what I could find regarding the new HTML5
>> client-side storage specifications. I found this defunct W3C XG (
>> http://www.w3.org/TR/webdatabase/ ) that has splintered into two active
>> groups: http://www.w3.org/TR/webstorage/ and
>> http://www.w3.org/TR/IndexedDB/ However, these are not directly tied to the
>> HTML5 specification.
>>
>> On a side note, I want to draw attention to an important potential point
>> of confusion. The above two specifications (working drafts) both refer
>> extensively to the Web interface definition language called WebIDL (
>> http://www.w3.org/TR/2008/WD-WebIDL-20081219/ ). This is disconcertingly
>> close to the name of our effort--WebID.
>>
>> We need to be cognizant of the fact that some people may confuse these
>> terms. When appropriate, we need to make our best effort to clearly
>> distinguish our work from this nearly-identical nomenclature that refers
>> to something vastly different.
>>
>> Jeff

Received on Monday, 7 March 2011 23:35:07 UTC