[owasp-intrinsic-security] FW: OWASP / W3C liaison - request for candidate(s) on W3C Workshop on device API security

Arshan Dabirsiaghi arshan.dabirsiaghi at aspectsecurity.com
Thu Sep 4 15:59:00 EDT 2008


True, but the measurable attack surface I think will be smaller.
 
Sebastien, I don't think we need to spin off the ISWG - we can get all the different people interested in HTML5 (now would be a good time to announce your interest) to start talking on or off list. The model for the ISWG involves "point people" for a particular technology. Having lots of sub-groups would lead to general inactivity, I think.
 
I think we should send a general email to the OWASP lists calling for researchers to get together with the ISWG since this was really the issue we wanted to start the group for.
 
Arshan
 
PS Anybody willing to work on these design issues with the W3C (besides me)?


________________________________

From: owasp-intrinsic-security-bounces at lists.owasp.org on behalf of Jim Manico
Sent: Thu 9/4/2008 3:38 PM
To: Sebastien Deleersnyder; owasp-intrinsic-security at lists.owasp.org
Subject: Re: [owasp-intrinsic-security] FW: OWASP / W3C liaison - request for candidate(s) on W3C Workshop on device API security



> " operators see JavaScript and HTML as (one of) the most promising
> cross-mobile-platform runtime environments"

What is better out there for the mobile world? Pure iPhone C++ code?
Java mobile applets? Flash? All of those seem just as bad with their own
unique problems...

- Jim

-----Original Message-----
From: owasp-intrinsic-security-bounces at lists.owasp.org
[mailto:owasp-intrinsic-security-bounces at lists.owasp.org] On Behalf Of
Sebastien Deleersnyder
Sent: Thursday, September 04, 2008 3:37 PM
To: owasp-intrinsic-security at lists.owasp.org
Subject: [owasp-intrinsic-security] FW: OWASP / W3C liaison - request
for candidate(s) on W3C Workshop on device API security

Hi

Please find the request below from W3C - Thomas.

Frightening:
" operators see JavaScript and HTML as (one of) the most promising
cross-mobile-platform runtime environments"

I'll ask Thomas for more details.

Meanwhile: if you have experience in this field, or want to get
involved: shout!

If necessary we can spin this off the ISG, or incorporate our
discussions with W3C.

Regards

Seba


-----Original Message-----
From: Thomas Roessler [mailto:tlr at w3.org]
Sent: Friday, 29 August 2008 11:20
To: Sebastien Deleersnyder
Subject: Re: OWASP / W3C liaison

Hi Sebastien,

anything new on the OWASP side of things?

"access-control" has evolved seriously since we last talked, and is
approaching a last call - probably later this year -; there's also
going to be a workshop late this year about security models for
device APIs that are exposed to widgets, or possibly Web content.

While that sounds nightmarish from a pure security perspective,
there's serious interest in that kind of work (and that kind of API)
in the mobile area; the operators see JavaScript and HTML as (one
of) the most promising cross-mobile-platform runtime environments.

I'm actually wondering whether OWASP would have a good candidate to
sit on the program committee for a workshop on that topic.

Cheers,
--
Thomas Roessler, W3C  <tlr at w3.org>  +33-4-89063488






_______________________________________________
owasp-intrinsic-security mailing list
owasp-intrinsic-security at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-intrinsic-security

