[OpenAjaxMobile] Call for Participation for W3C Workshop on Security for Access to Device APIs from the Web

Tue Sep 30 10:32:45 PDT 2008

There is a lot of industry activity around Mobile Device APIs, which allows
the Web Runtime to access device services such as location, address book,
phone dialer, file system, and many other things. The idea is that you
should be able to use HTML+JS to do the sorts of things you can do with C++
or Java, and you should allow web pages to do the same sorts of things you
can do with installed applications. However, all of this flexibility raises
security concerns. To discuss these security concerns, the W3C and OMTP are
co-sponsoring an industry workshop on Dec 10-11 in London.

I encourage people to submit position papers and attend the workshop. I am
planning to draft an OpenAjax Alliance position paper for this workshop and
attend the workshop.

Jon

----- Forwarded by Jon Ferraiolo/Menlo Park/IBM on 09/30/2008 10:25 AM
-----

             Dominique                                                     
             Hazael-Massieux                                               
             <dom at w3.org>                                               To 
             Sent by:                  team-secure-web-pc at w3.org           
             team-secure-web-p                                          cc 
             c-request at w3.org                                              
                                                                   Subject 
                                       Call for Participation Announced    
             09/30/2008 08:11                                              
             AM                                                            

Hello,

The Call for Participation has now been officially published by W3C:
http://www.w3.org/
http://www.w3.org/2008/security-ws/

This means you can now start advertizing the workshop among your
communities; please find below a draft message that can serve as a basis
for inviting people to participate to the workshop.

It is really important that we attract all the important industry
players to this workshop if we want to make it a successful event, and
I'm hoping you will be able to help us make it happen!

Thanks,

Dom

------------------
W3C just announced a call for participation to a Workshop on security
for access to device APIs from the Web, in London on December 10-11
2008.
http://www.w3.org/2008/security-ws/

A W3C Workshop is an opportunity for any interested parties to interact
and exchange ideas on the topics under discussion. W3C Membership is NOT
required to participate in a W3C Workshop.

This workshop will focus on the *security challenges* involved in
allowing Web applications and widgets to access the APIs that allow to
control devices features such as cameras, GPS systems, connectivity and
battery levels, external applications launch, access to personal data
(e.g. calendar or addressbook), etc, not traditionally available from
the Web environment.

To participate to this workshop, interested parties need to submit a
position paper relevant to this topic before *October 30 2008* to
team-secure-web at w3.org. These position papers will be reviewed by the
workshop program committee, and will serve as a basis for the agenda of
the two days workshop. Submitters will be notified of acceptance of
their papers by November 17.

A position paper should:
  * explain your interest in the Workshop
      * be aligned with the Workshop's stated goals
      * be 5 to 10 pages long (2000 - 4000 words)
      * be formatted in (valid) HTML/XHTML, PDF, or plain text

Interested parties are invited to inform the workshop organizers that
they are planning to submit a position paper by sending as soon as
possible an expression of interest to team-secure-web at w3.org, including
the number of persons from their organizations that are planning to
attend the workshop.

Topics in scope for the workshop include:
      * Existing frameworks on desktop and mobile platforms to regulate
        security policies for specific APIs,
      * Similarities and differences of the security approaches in
        desktop and mobile platforms, in a browser and in a widgets
        environment,
      * Usability of security relevant user interactions; issues and
        opportunities in the mobile environment,
      * Safe language and API subsets, and models for application use of
        such subsets,
      * Policy based trust delegation mechanisms,
      * Reducing the attack surface exposed by Web page scripts
      * Role of authentication of users and applications in securing API
        access,
      * Increasing awareness of good security practices for Web
        applications,
      * Usability of security and privacy policies

The discussions at this workshop are expected to be relevant in
particular to the following W3C Working Groups:
      * Web Applications Working Group
      * Geolocation Working Group
      * Ubiquitous Web Applications Working Group
      * HTML Working Group
      * Web Security Context Working Group

Should you have any question, please contact Dominique Hazael-Massieux
<dom at w3.org>.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://openajax.org/pipermail/mobile/attachments/20080930/143676a0/attachment.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pic27018.gif
Type: image/gif
Size: 1255 bytes
Desc: not available
Url : http://openajax.org/pipermail/mobile/attachments/20080930/143676a0/attachment.gif 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ecblank.gif
Type: image/gif
Size: 45 bytes
Desc: not available
Url : http://openajax.org/pipermail/mobile/attachments/20080930/143676a0/attachment-0001.gif 