[owasp-intrinsic-security] FW: OWASP / W3C liaison - requestforcandidate(s) on W3C Workshop on device API security

Venkatesh.Jagannathan at cognizant.com Venkatesh.Jagannathan at cognizant.com
Fri Sep 5 11:11:48 EDT 2008


Are we going device specific hare? Or do we want to abstract it out of
device dependency?

I would much prefer the latter...And Seba, please include me in...I have
started working on this now...


BTW, a note to all:

Please address me as Venki (Venkatesh is too long)

Thanks & Regards,
~Venki


-----Original Message-----
From: Jim Manico [mailto:jim.manico at aspectsecurity.com] 
Sent: Friday, September 05, 2008 1:09 AM
To: Sebastien Deleersnyder; owasp-intrinsic-security at lists.owasp.org
Subject: Re: [owasp-intrinsic-security] FW: OWASP / W3C liaison -
requestforcandidate(s) on W3C Workshop on device API security

> " operators see JavaScript and HTML as (one of) the most promising
cross-mobile-platform runtime environments"

What is better out there for the mobile world? Pure iPhone C++ code?
Java mobile applets? Flash? All of those seem just as bad with their own
unique problems...

- Jim

-----Original Message-----
From: owasp-intrinsic-security-bounces at lists.owasp.org
[mailto:owasp-intrinsic-security-bounces at lists.owasp.org] On Behalf Of
Sebastien Deleersnyder
Sent: Thursday, September 04, 2008 3:37 PM
To: owasp-intrinsic-security at lists.owasp.org
Subject: [owasp-intrinsic-security] FW: OWASP / W3C liaison - request
forcandidate(s) on W3C Workshop on device API security

Hi

Please find the request below from W3C - Thomas.

Frightening:
" operators see JavaScript and HTML as (one of) the most promising
cross-mobile-platform runtime environments"

I'll ask Thomas for more details.

Meanwhile: if you have experience in this field, or want to get
involved:
shout!

If necessary we can spin this off the ISG, or incorporate our
discussions
with W3C.

Regards

Seba


-----Original Message-----
From: Thomas Roessler [mailto:tlr at w3.org] 
Sent: vrijdag 29 augustus 2008 11:20
To: Sebastien Deleersnyder
Subject: Re: OWASP / W3C liaison

Hi Sebastien,

anything new on the OWASP side of thigns?

"access-control" has evolved seriously since we last talked, and is
approaching a last call - probably later this year -; there's also
going to be a workshop late this year about security models for
device APIs that are exposed to widgets, or possibly Web content.

While that sounds nightmarish from a pure security perspective,
there's serious interest in that kind of work (and that kind of API)
in the mobile area; the operators see JavaScript and HTML as (one
of) the most promising cross-mobile-platform runtime environments.

I'm actually wondering whether OWASP would have a good candidate to
sit on the program committee for a workshop on that topic.

Cheers,
-- 
Thomas Roessler, W3C  <tlr at w3.org>  +33-4-89063488






_______________________________________________
owasp-intrinsic-security mailing list
owasp-intrinsic-security at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-intrinsic-security


This e-mail and any files transmitted with it are for the sole use of the intended recipient(s) and may contain confidential and privileged information.
If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. 
Any unauthorized review, use, disclosure, dissemination, forwarding, printing or copying of this email or any action taken in reliance on this e-mail is strictly 
prohibited and may be unlawful.


More information about the owasp-intrinsic-security mailing list