-Original Message-
From: Jonas Sicking [mailto:jo...@sicking.cc]
Sent: Wednesday, November 18, 2009 9:15 PM
To: David Rogers
Cc: Maciej Stachowiak; Marcin Hanclik; Dominique Hazael-Massieux; Robin Berjon;
public-device-a...@w3.org; public-webapps WG
Subject: Re: DAP and security (was: Rename
...@apple.com]
Sent: Thursday, November 19, 2009 2:20 AM
To: Frederick Hirsch
Cc: ext Jonas Sicking; David Rogers; Marcin Hanclik; Dominique Hazael-Massieux;
Robin Berjon; public-device-a...@w3.org; public-webapps WG
Subject: Re: DAP and security (was: Rename File API to FileReader API?)
On Nov 18
-Original Message-
From: Adam Barth [mailto:w...@adambarth.com]
Sent: Thursday, November 19, 2009 8:42 AM
To: Marcin Hanclik
Cc: Maciej Stachowiak; Dominique Hazael-Massieux; Robin Berjon;
public-device-a...@w3.org; public-webapps WG
Subject: Re: DAP and security (was: Rename File API to FileReader
Le jeudi 19 novembre 2009 à 22:39 +1300, Robert O'Callahan a écrit :
The abstraction of the security concerns within a policy may
allow delegation of the security to some third parties.
There are usually no third parties to delegate to.
That’s true to a certain extent, but a
On Thu, Nov 19, 2009 at 10:52 PM, Dominique Hazael-Massieux d...@w3.orgwrote:
Le jeudi 19 novembre 2009 à 22:39 +1300, Robert O'Callahan a écrit :
There are usually no third parties to delegate to.
That’s true to a certain extent, but a reason for that might well be
that the Web platform
On Thu, Nov 19, 2009 at 1:08 AM, Marcin Hanclik
marcin.hanc...@access-company.com wrote:
Hi Jonas,
I think that it all depends on the user or the abstraction that we seem to
have about the user.
We can take the analogy to the operating system.
OS may e.g. not be writable for the user, may
;
Robin Berjon; public-device-a...@w3.org; public-webapps WG
Subject: Re: DAP and security (was: Rename File API to FileReader API?)
On Thu, Nov 19, 2009 at 10:08 PM, Marcin Hanclik
marcin.hanc...@access-company.commailto:marcin.hanc...@access-company.com
wrote:
The default settings within
Message-
From: Jonas Sicking [mailto:jo...@sicking.cc]
Sent: Thursday, November 19, 2009 11:11 AM
To: Marcin Hanclik
Cc: David Rogers; Maciej Stachowiak; Dominique Hazael-Massieux; Robin Berjon;
public-device-a...@w3.org; public-webapps WG
Subject: Re: DAP and security (was: Rename File API
; David Rogers; Marcin Hanclik; Dominique
Hazael-Massieux; Robin Berjon; public-device-a...@w3.org; public-webapps
WG
Subject: Re: DAP and security (was: Rename File API to FileReader
API?)
On Nov 18, 2009, at 5:13 PM, Frederick Hirsch wrote:
This is a good point, and an argument for policy rather
(was: Rename File API to FileReader
API?)
On Wed, Nov 18, 2009 at 5:27 AM, David Rogers david.rog...@omtp.org
wrote:
Hi Maciej,
From my side I'd like to understand what your thoughts and proposals
for file writing security / policy would entail - would you defer the
decision responsibility to the user
-webapps WG
Subject: Re: DAP and security (was: Rename File API to FileReader API?)
On Wed, Nov 18, 2009 at 6:16 AM, Marcin Hanclik
marcin.hanc...@access-company.com wrote:
The first step is to have the security concerns.
The widget environment, BONDI etc. then encode them somehow (e.g. as device
and security (was: Rename File API to FileReader API?)
Le jeudi 19 novembre 2009 à 22:39 +1300, Robert O'Callahan a écrit :
The abstraction of the security concerns within a policy may
allow delegation of the security to some third parties.
There are usually no third parties
Subject: Re: DAP and security (was: Rename File API to FileReader API?)
On Thu, Nov 19, 2009 at 10:52 PM, Dominique Hazael-Massieux d...@w3.org wrote:
Le jeudi 19 novembre 2009 à 22:39 +1300, Robert O'Callahan a écrit :
There are usually no third parties to delegate
On Thu, Nov 19, 2009 at 11:54 PM, David Rogers david.rog...@omtp.orgwrote:
*From:* rocalla...@gmail.com [mailto:rocalla...@gmail.com] *On Behalf Of
*Robert
O'Callahan
On Thu, Nov 19, 2009 at 10:52 PM, Dominique Hazael-Massieux d...@w3.org
wrote:
Le jeudi 19 novembre 2009 à 22:39 +1300,
(was: Rename File API to FileReader
API?)
On Thu, Nov 19, 2009 at 1:08 AM, Marcin Hanclik
marcin.hanc...@access-company.com wrote:
Hi Jonas,
I think that it all depends on the user or the abstraction that we
seem to have about the user.
We can take the analogy to the operating system.
OS may e.g
and security (was: Rename File API to FileReader API?)
On Thu, Nov 19, 2009 at 11:54 PM, David Rogers david.rog...@omtp.org wrote:
From: rocalla...@gmail.com [mailto:rocalla...@gmail.com] On Behalf Of
Robert O'Callahan
On Thu, Nov 19, 2009 at 10:52 PM, Dominique
Hazael-Massieux; Robin Berjon;
public-device-a...@w3.org; public-webapps WG
Subject: Re: DAP and security (was: Rename File API to FileReader API?)
I'm skeptical that this approach will lead to a secure API for file
access. Abstracting the problem doesn't make the security challenges
any
; Robin
Berjon; public-device-a...@w3.org; public-webapps WG
Subject: Re: DAP and security (was: Rename File API to FileReader
API?)
Third, we'll have to spend efforts maintaining the code, even though
it benefits only a small number of people. For example if a buffer
overflow bug is found we'll
2009/11/12 Dominique Hazael-Massieux d...@w3.org:
Le mardi 10 novembre 2009 à 17:47 -0800, Maciej Stachowiak a écrit :
I would be concerned with leaving file writing to DAP, because a
widely held view in DAP seems to be that security can be ignored while
designing APIs and added back later
+1
APIs - specifically their design - shall be specified tightly with the security
model in mind to make them both easy to use and effective.
This is what makes the whole task that difficult.
Thanks,
Marcin
Marcin Hanclik
ACCESS Systems Germany GmbH
Tel: +49-208-8290-6452 | Fax:
OK, I will take your word for it that security is an important
consideration for DAP. But while at the TPAC, I heard more than one
DAP participant say, when faced with a potential security concern,
something like can't we just leave that up to the policy? In one
case when I enquired
[mailto:public-device-apis-requ...@w3.org] On Behalf Of Maciej Stachowiak
Sent: 18 November 2009 12:35
To: Marcin Hanclik
Cc: Dominique Hazael-Massieux; Robin Berjon; public-device-a...@w3.org;
public-webapps WG
Subject: Re: DAP and security (was: Rename File API to FileReader API?)
OK, I will take your
...@access-company.com
-Original Message-
From: Maciej Stachowiak [mailto:m...@apple.com]
Sent: Wednesday, November 18, 2009 1:35 PM
To: Marcin Hanclik
Cc: Dominique Hazael-Massieux; Robin Berjon; public-device-a...@w3.org;
public-webapps WG
Subject: Re: DAP and security (was: Rename File
...@w3.org] On Behalf Of Maciej Stachowiak
Sent: Wednesday, November 18, 2009 4:35 AM
To: Marcin Hanclik
Cc: Dominique Hazael-Massieux; Robin Berjon; public-device-a...@w3.org;
public-webapps WG
Subject: Re: DAP and security (was: Rename File API to FileReader API?)
OK, I will take your word
On Wed, Nov 18, 2009 at 5:27 AM, David Rogers david.rog...@omtp.org wrote:
Hi Maciej,
From my side I'd like to understand what your thoughts and proposals for
file writing security / policy would entail - would you defer the decision
responsibility to the user via a prompt?
From my point
This is a good point, and an argument for policy rather than
implicit user consent, if I'm not mistaken. It highlights that
usability might also be an issue with the non-modal interaction
model, as well as not always be very meaningful (since I the user
might have no idea what most
On Nov 18, 2009, at 5:13 PM, Frederick Hirsch wrote:
This is a good point, and an argument for policy rather than
implicit user consent, if I'm not mistaken. It highlights that
usability might also be an issue with the non-modal interaction
model, as well as not always be very meaningful
27 matches
Mail list logo
