[owasp-intrinsic-security] FW: OWASP / W3C liaison - request forcandidate(s) on W3C Workshop on device API security

Jim Manico jim.manico at aspectsecurity.com
Thu Sep 4 15:38:33 EDT 2008


> " operators see JavaScript and HTML as (one of) the most promising
cross-mobile-platform runtime environments"

What is better out there for the mobile world? Pure iPhone C++ code?
Java mobile applets? Flash? All of those seem just as bad with their own
unique problems...

- Jim

-----Original Message-----
From: owasp-intrinsic-security-bounces at lists.owasp.org
[mailto:owasp-intrinsic-security-bounces at lists.owasp.org] On Behalf Of
Sebastien Deleersnyder
Sent: Thursday, September 04, 2008 3:37 PM
To: owasp-intrinsic-security at lists.owasp.org
Subject: [owasp-intrinsic-security] FW: OWASP / W3C liaison - request
forcandidate(s) on W3C Workshop on device API security

Hi

Please find the request below from W3C - Thomas.

Frightening:
" operators see JavaScript and HTML as (one of) the most promising
cross-mobile-platform runtime environments"

I'll ask Thomas for more details.

Meanwhile: if you have experience in this field, or want to get
involved:
shout!

If necessary we can spin this off the ISG, or incorporate our
discussions
with W3C.

Regards

Seba


-----Original Message-----
From: Thomas Roessler [mailto:tlr at w3.org] 
Sent: vrijdag 29 augustus 2008 11:20
To: Sebastien Deleersnyder
Subject: Re: OWASP / W3C liaison

Hi Sebastien,

anything new on the OWASP side of thigns?

"access-control" has evolved seriously since we last talked, and is
approaching a last call - probably later this year -; there's also
going to be a workshop late this year about security models for
device APIs that are exposed to widgets, or possibly Web content.

While that sounds nightmarish from a pure security perspective,
there's serious interest in that kind of work (and that kind of API)
in the mobile area; the operators see JavaScript and HTML as (one
of) the most promising cross-mobile-platform runtime environments.

I'm actually wondering whether OWASP would have a good candidate to
sit on the program committee for a workshop on that topic.

Cheers,
-- 
Thomas Roessler, W3C  <tlr at w3.org>  +33-4-89063488






_______________________________________________
owasp-intrinsic-security mailing list
owasp-intrinsic-security at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-intrinsic-security


More information about the owasp-intrinsic-security mailing list