On 10.11.2010 10:04, Simon Busch wrote:
> On 10.11.2010 09:46, [email protected] wrote:
>> 2010/11/10 <[email protected]>
>>
>>> Hello all,
>>>    I've a question. I'm currently looking at opimd code with a view to
>>> perhaps rewriting it in vala. That, as far as I know, was always on the
>>> list of things to do and as an education to myself I thought it might be
>>> a useful exercise. I mean it's not critical as opimd is there and works
>>> well so it's a handy starter exercise.
>>>
>>> Anyhow whilst mulling over things in my head I remembered that in recent
>>> weeks Android was hit by the shocking revelation that some installed apps
>>> were transmitting Personal Data to remote parties. Then there was the
>>> further shocking info that the iPhone suffers from the same problem.
>>>
>>> I'm thinking that there ain't a whole pile you can do to secure PIM data,
>>> especially in an Open Source implementation. That's what I'm thinking and
>>> I'll readily admit that I don't know squat about securing data. It seems
>>> to me that the first step to securing the data is saying that only the
>>> SHR supplied apps can access this data. That's not really good for choice
>>> which is one of the main advantages of Open Systems. Even if you said
>>> that only SHR supplied apps could access this info if the apps source is
>>> readily available then you've achieved nothing.
>>>
>>>
>> Hi!
>> The great thing about open source operating systems (meaning no privative
>> apps/parts running on it) is that you have actually total control on what's
>> running there. You can review each program to see if it's using your
>> information/data in an undesired way, and decide whether to install it or
>> not. That's a great advantage we have over Android and iPhone.
>>
>> So, we must keep running only open source programs (which we know don't
>> contain malware) to be sure nothing unknown is happening under the hood ;)
>>
>> Cracking from networks such as wifi or gsm and similar sploits are another
>> subject, which we should think about too.
> 
> I would even like to see some security mechanism for fsopimd. Maybe like
> Twitter did it already with client applications with OAuth
> (http://oauth.net/) so you have to grant each access to several DBus
> interface paths before one application can access it.
> The best place should be some component which can secure general dbus
> access for all applications (maybe a fsopolicyd).
> 
> regards,
> morphis

Take a look at this: http://moblin.org/projects/policy-based-access-control

I would prefer this way of doing authentication for the application. So
the fsopimd has to ask policykit for authentication of the client
against fsopimd. If it is not authenticated, policykit notifies this to
our fsosecurityd daemon which provides an interface for the user to
manage all the authentications in a FSO way but interacts with
policykitd in the end.

regards,
morphis
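
The flow proposed in the message above (the PIM daemon asks a policy authority about the calling client, and an undecided request is queued for a user-facing agent), as an added example that is not part of the original thread or of any FSO code. The class names, application ids and object paths are constructed for illustration; a real service would make these calls over D-Bus.

```python
from dataclasses import dataclass, field
from enum import Enum


class Decision(Enum):
    ALLOW = "allow"
    DENY = "deny"
    ASK_USER = "ask_user"


@dataclass
class PolicyAuthority:
    """Stand-in for the policy daemon: default deny, explicit per-app grants."""
    grants: set = field(default_factory=set)     # {(app_id, object_path)}
    denials: set = field(default_factory=set)
    pending: list = field(default_factory=list)  # queue shown by the user agent

    def check(self, app_id, object_path):
        key = (app_id, object_path)
        if key in self.denials:
            return Decision.DENY
        if key in self.grants:
            return Decision.ALLOW
        if key not in self.pending:
            self.pending.append(key)             # notify the user agent once
        return Decision.ASK_USER

    def resolve(self, app_id, object_path, allow):
        """Called by the user agent (the fsosecurityd role) after the user decides."""
        key = (app_id, object_path)
        if key in self.pending:
            self.pending.remove(key)
        self.grants.discard(key)                 # a new decision replaces the old one
        self.denials.discard(key)
        (self.grants if allow else self.denials).add(key)


class PimService:
    """Stand-in for the PIM daemon: consults policy before touching data."""
    def __init__(self, authority, data):
        self.authority, self.data = authority, data

    def query(self, app_id, object_path):
        # Assumption: app_id is derived from bus-supplied caller credentials,
        # never from a value the client puts in the request itself.
        if self.authority.check(app_id, object_path) is not Decision.ALLOW:
            raise PermissionError(f"{app_id} not authorized for {object_path}")
        return self.data[object_path]
```
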
_______________________________________________
Shr-devel mailing list
[email protected]
http://lists.shr-project.org/mailman/listinfo/shr-devel
