On 2015-02-16 07:48, Florian Bösch wrote:
On Sun, Feb 15, 2015 at 10:59 PM, Jeffrey Walton <noloa...@gmail.com
<mailto:noloa...@gmail.com>> wrote:
For the second point, and as a security architect, I regularly reject
browser-based apps that operate on medium and high value data because
we can't place the security controls needed to handle the data. The
browser based apps are fine for low value data.
I'm not sure what "high value data" is. But I'm fairly sure that just about any
e-banking solution in existence is browser based.
Unfortunately this is wrong and is why I started this thread. Mobile banking applications
in Europe are usually featured as "Apps".
This has multiple reasons; one is that there's no way to deal with client-side
PKI and secure key storage in the mobile web.
So I'm guessing your definition of "high value data" doesn't include banking
access. You work for the NSA? Oh snap, the high value data just walked out there on a USB
stick.
:-)
Anders