Re: ENISA Smartphone security study

Wed, 19 May 2010 10:24:58 -0700 

Hi Giles,
The specifications in scope for the WebApplications WG are "platform" neutral and device independent. As such, I do not foresee the WG creating an "official" position on this "Smartphone questionnaire" since most of the questions are not in scope for WebApps. 


I presume it would be OK for individuals and/or W3C Member companies to 
submit comments. Would you please confirm if that is acceptable or not? 
Also, please send us the Public URL where comments for this "study" are 
archived.



Regarding the list of questions, I (speaking as an individual) have the 
following comments:



* The following questions are generally out of scope for WebApps: #1, 
#4, #5, #6, #8, #9, #11.



* The Digital Signature for Widgets spec can be viewed as applicable for 
#2 and #3.



* Several of our specs (e.g. CORS, UMP, Widget Interface) include 
Security Considerations that are relevant for #7 (but specific 
"channels" are not in scope).



* The proposed Web Notifications will define an alerting mechanism that 
may be relevant to #10 (e.g. the spec defines generic alerting mechanisms).



For a list of WG's specifications in progress, please see the 
publication status tables at:


  http://www.w3.org/2008/webapps/wiki/PubStatus

-Regards, Art Barstow


On 5/19/10 10:27 AM, ext Giles Hogben wrote:

Hi,
I am a security expert at ENISA (the European Network and Information Security 
Agency). We conducting a study on smartphone security and would like to have 
input from the Web Apps WG via the attached questionnaire, as well as reviewing 
of drafts of the study when it is ready. The questionnaire also explains the 
goals of the project. Would it be possible to have an official position from 
the WG?

Some other points about the study are:

- If necessary, we will hold a number of conference calls to clarify specific 
issues.
- No information which regards sensitive corporate IP will be expected or 
published.
- Contributor names/organisations will be used on the final report only with 
consent

Thanks,

Giles Hogben


Dr Giles Hogben
Network Security Policy Expert
European Network&  Information Security Agency (ENISA)


   

























					Reply via email to