- From: Nathan <nathan@webr3.org>
- Date: Tue, 08 Mar 2011 13:57:16 +0000
- To: jeff@sayremedia.com
- CC: WebID XG <public-xg-webid@w3.org>
Jeff Sayre wrote: >>> Can a WebID help sufficiently in alleviating those concerns so >>> that enterprise apps even consider leveraging HTML5's >>> client-side processing and storage features? > > I do understand the benefits a WebID offers but we need to make sure that > we consider as many reasonable security concerns that an enterprise owner > may have with client-side storage and processing and clearly demonstrate > how a WebID can alleviate those concerns. > > Perhaps this is a moot point. But as I'm working on use cases, I need to > make sure that I am looking at the picture from both sides--from that of > the user and from that of the enterprise (website) owner. To succeed in > our efforts, we need the enterprise owners to adopt the WebID. It's far from moot, there are some very key security considerations in this respect, especially taking in to account cross-origin requests, confused deputy attacks, and ultimately what happens when you remove the silk screen of supposed security the current browser security models implement (no offense to our browser friends). I've briefly written on the topic here: http://lists.w3.org/Archives/Public/www-tag/2011Feb/0017.html But will reply later on today after meeting etc with how it relates to WebID. Actually, I may be better to get used to wiki writing rather thane everything in email! Will reply in due course anyway. Best, Nathan
Received on Tuesday, 8 March 2011 13:58:09 UTC