[owasp-intrinsic-security] FW: OWASP / W3C liaison - requestforcandidate(s) on W3C Workshop on device API security

Sebastien Deleersnyder seba at deleersnyder.eu
Thu Sep 4 17:21:00 EDT 2008


All,

 

Extra information from Thomas:

"The basic scope will be to talk about security models for device APIs, as
they are made available to Web technologies.

Our workshops are open to the public, but every participant must have
submitted a (possibly short) position paper.

Based on the submitted papers, the program committee then puts selects those
who will present; generally, presentations are picked for their value as
discussion starters.  A typical session will have some 45-60min presentation
time (including questions for clarification), and then 30-45 minutes of
discussion among all participants.

Program commitee duties include review of position papers and help with
outreach for the workshop; it is also common for porgram committee members
to submit papers themselves (and even end up speaking)."

 

workshop timing / location:

"Early December; probably either London or US West Coast.  We're still
working out the details of that."

 

Robert Hansen already showed interest. All extra people/support is welcome.

 

I second the general email idea!

 

Regards

 

Seba

 

  _____  

From: Arshan Dabirsiaghi [mailto:arshan.dabirsiaghi at aspectsecurity.com] 
Sent: donderdag 4 september 2008 21:59
To: Jim Manico; Sebastien Deleersnyder;
owasp-intrinsic-security at lists.owasp.org
Subject: RE: [owasp-intrinsic-security] FW: OWASP / W3C liaison -
requestforcandidate(s) on W3C Workshop on device API security

 

True, but the measurable attack surface I think will be smaller.

 

Sebastien, I don't think we need to spin off the ISWG - we can get all the
different people interested in HTML5 (now would be a good time to announce
your interest) to start talking on or off list. The model for the ISWG
involves "point people" for a particular technology. Having lots of
sub-groups would lead to general inactivity, I think.

 

I think we should send a general email to the OWASP lists calling for
researchers to get together with the ISWG since this was really the issue we
wanted to start the group for.

 

Arshan

 

PS Anybody willing to work on these design issues with the W3C (besides me)?

 

  _____  

From: owasp-intrinsic-security-bounces at lists.owasp.org on behalf of Jim
Manico
Sent: Thu 9/4/2008 3:38 PM
To: Sebastien Deleersnyder; owasp-intrinsic-security at lists.owasp.org
Subject: Re: [owasp-intrinsic-security] FW: OWASP / W3C liaison -
requestforcandidate(s) on W3C Workshop on device API security

> " operators see JavaScript and HTML as (one of) the most promising
cross-mobile-platform runtime environments"

What is better out there for the mobile world? Pure iPhone C++ code?
Java mobile applets? Flash? All of those seem just as bad with their own
unique problems...

- Jim

-----Original Message-----
From: owasp-intrinsic-security-bounces at lists.owasp.org
[mailto:owasp-intrinsic-security-bounces at lists.owasp.org] On Behalf Of
Sebastien Deleersnyder
Sent: Thursday, September 04, 2008 3:37 PM
To: owasp-intrinsic-security at lists.owasp.org
Subject: [owasp-intrinsic-security] FW: OWASP / W3C liaison - request
forcandidate(s) on W3C Workshop on device API security

Hi

Please find the request below from W3C - Thomas.

Frightening:
" operators see JavaScript and HTML as (one of) the most promising
cross-mobile-platform runtime environments"

I'll ask Thomas for more details.

Meanwhile: if you have experience in this field, or want to get
involved:
shout!

If necessary we can spin this off the ISG, or incorporate our
discussions
with W3C.

Regards

Seba


-----Original Message-----
From: Thomas Roessler [mailto:tlr at w3.org]
Sent: vrijdag 29 augustus 2008 11:20
To: Sebastien Deleersnyder
Subject: Re: OWASP / W3C liaison

Hi Sebastien,

anything new on the OWASP side of thigns?

"access-control" has evolved seriously since we last talked, and is
approaching a last call - probably later this year -; there's also
going to be a workshop late this year about security models for
device APIs that are exposed to widgets, or possibly Web content.

While that sounds nightmarish from a pure security perspective,
there's serious interest in that kind of work (and that kind of API)
in the mobile area; the operators see JavaScript and HTML as (one
of) the most promising cross-mobile-platform runtime environments.

I'm actually wondering whether OWASP would have a good candidate to
sit on the program committee for a workshop on that topic.

Cheers,
--
Thomas Roessler, W3C  <tlr at w3.org>  +33-4-89063488






_______________________________________________
owasp-intrinsic-security mailing list
owasp-intrinsic-security at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-intrinsic-security
_______________________________________________
owasp-intrinsic-security mailing list
owasp-intrinsic-security at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-intrinsic-security

No virus found in this incoming message.
Checked by AVG - http://www.avg.com
Version: 8.0.169 / Virus Database: 270.6.16/1650 - Release Date: 4/09/2008
6:57


-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-intrinsic-security/attachments/20080904/48c3c4d2/attachment-0001.html 


More information about the owasp-intrinsic-security mailing list