W3C Workshop on Security for Access to Device APIs - London, December 10-11

[sorry for the cross-posting, please don't reply-to-all]

Hello,

W3C just announced a call for participation to a Workshop on security
for access to device APIs from the Web, in London on December 10-11
2008.
http://www.w3.org/2008/security-ws/

A W3C Workshop is an opportunity for any interested parties to interact
and exchange ideas on the topics under discussion. W3C Membership is NOT
required to participate in a W3C Workshop.

This workshop will focus on the *security challenges* involved in
allowing Web applications and widgets to access the APIs that allow to
control devices features such as cameras, GPS systems, connectivity and
battery levels, external applications launch, access to personal data
(e.g. calendar or addressbook), etc, not traditionally available from
the Web environment.

To participate to this workshop, interested parties need to submit a
position paper relevant to this topic before *October 30 2008* to
team-secure-web@w3.org. These position papers will be reviewed by the
workshop program committee, and will serve as a basis for the agenda of
the two days workshop. Submitters will be notified of acceptance of
their papers by November 17.

A position paper should:
  * explain your interest in the Workshop
      * be aligned with the Workshop's stated goals
      * be 5 to 10 pages long (2000 - 4000 words)
      * be formatted in (valid) HTML/XHTML, PDF, or plain text

Interested parties are invited to inform the workshop organizers that
they are planning to submit a position paper by sending as soon as
possible an expression of interest to team-secure-web@w3.org, including
the number of persons from their organizations that are planning to
attend the workshop.

Topics in scope for the workshop include:
      * Existing frameworks on desktop and mobile platforms to regulate
        security policies for specific APIs,
      * Similarities and differences of the security approaches in
        desktop and mobile platforms, in a browser and in a widgets
        environment,
      * Usability of security relevant user interactions; issues and
        opportunities in the mobile environment,
      * Safe language and API subsets, and models for application use of
        such subsets,
      * Policy based trust delegation mechanisms,
      * Reducing the attack surface exposed by Web page scripts
      * Role of authentication of users and applications in securing API
        access,
      * Increasing awareness of good security practices for Web
        applications,
      * Usability of security and privacy policies

The discussions at this workshop are expected to be relevant in
particular to the following W3C Working Groups:
      * Web Applications Working Group
      * Geolocation Working Group
      * Ubiquitous Web Applications Working Group
      * HTML Working Group
      * Web Security Context Working Group

Should you have any question, please contact Dominique Hazael-Massieux
<dom@w3.org>.

Regards,

Dom

Received on Tuesday, 30 September 2008 15:21:15 UTC