[owasp-intrinsic-security] FW: OWASP / W3C liaison - requestforcandidate(s) on W3C Workshop on device API security

Sebastien Deleersnyder seba at deleersnyder.eu
Sat Sep 6 11:14:31 EDT 2008


Venki,

I have started a page (part of the ISWG wiki category) on
https://www.owasp.org/index.php/ISWG_-_W3C_Workshop_on_device_API_security

The W3C workshop isn't yet announced publicly since they're building the
program committee.

Basically OWASP needs to appoint a program committee member and put forward
a position paper on the topic once the CFP is made public.

Regards

Seba

-----Original Message-----
From: Venkatesh.Jagannathan at cognizant.com
[mailto:Venkatesh.Jagannathan at cognizant.com] 
Sent: vrijdag 5 september 2008 17:12
To: jim.manico at aspectsecurity.com; seba at deleersnyder.eu;
owasp-intrinsic-security at lists.owasp.org
Subject: RE: [owasp-intrinsic-security] FW: OWASP / W3C liaison -
requestforcandidate(s) on W3C Workshop on device API security


Are we going device specific hare? Or do we want to abstract it out of
device dependency?

I would much prefer the latter...And Seba, please include me in...I have
started working on this now...


BTW, a note to all:

Please address me as Venki (Venkatesh is too long)

Thanks & Regards,
~Venki


-----Original Message-----
From: Jim Manico [mailto:jim.manico at aspectsecurity.com] 
Sent: Friday, September 05, 2008 1:09 AM
To: Sebastien Deleersnyder; owasp-intrinsic-security at lists.owasp.org
Subject: Re: [owasp-intrinsic-security] FW: OWASP / W3C liaison -
requestforcandidate(s) on W3C Workshop on device API security

> " operators see JavaScript and HTML as (one of) the most promising
cross-mobile-platform runtime environments"

What is better out there for the mobile world? Pure iPhone C++ code?
Java mobile applets? Flash? All of those seem just as bad with their own
unique problems...

- Jim

-----Original Message-----
From: owasp-intrinsic-security-bounces at lists.owasp.org
[mailto:owasp-intrinsic-security-bounces at lists.owasp.org] On Behalf Of
Sebastien Deleersnyder
Sent: Thursday, September 04, 2008 3:37 PM
To: owasp-intrinsic-security at lists.owasp.org
Subject: [owasp-intrinsic-security] FW: OWASP / W3C liaison - request
forcandidate(s) on W3C Workshop on device API security

Hi

Please find the request below from W3C - Thomas.

Frightening:
" operators see JavaScript and HTML as (one of) the most promising
cross-mobile-platform runtime environments"

I'll ask Thomas for more details.

Meanwhile: if you have experience in this field, or want to get
involved:
shout!

If necessary we can spin this off the ISG, or incorporate our
discussions
with W3C.

Regards

Seba


-----Original Message-----
From: Thomas Roessler [mailto:tlr at w3.org] 
Sent: vrijdag 29 augustus 2008 11:20
To: Sebastien Deleersnyder
Subject: Re: OWASP / W3C liaison

Hi Sebastien,

anything new on the OWASP side of thigns?

"access-control" has evolved seriously since we last talked, and is
approaching a last call - probably later this year -; there's also
going to be a workshop late this year about security models for
device APIs that are exposed to widgets, or possibly Web content.

While that sounds nightmarish from a pure security perspective,
there's serious interest in that kind of work (and that kind of API)
in the mobile area; the operators see JavaScript and HTML as (one
of) the most promising cross-mobile-platform runtime environments.

I'm actually wondering whether OWASP would have a good candidate to
sit on the program committee for a workshop on that topic.

Cheers,
-- 
Thomas Roessler, W3C  <tlr at w3.org>  +33-4-89063488






_______________________________________________
owasp-intrinsic-security mailing list
owasp-intrinsic-security at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-intrinsic-security


This e-mail and any files transmitted with it are for the sole use of the
intended recipient(s) and may contain confidential and privileged
information.
If you are not the intended recipient, please contact the sender by reply
e-mail and destroy all copies of the original message. 
Any unauthorized review, use, disclosure, dissemination, forwarding,
printing or copying of this email or any action taken in reliance on this
e-mail is strictly 
prohibited and may be unlawful.
No virus found in this incoming message.
Checked by AVG - http://www.avg.com 
Version: 8.0.169 / Virus Database: 270.6.16/1653 - Release Date: 5/09/2008
6:57



More information about the owasp-intrinsic-security mailing list