ISSUE-3: Security concerns around Home Networking APIs

Security concerns around Home Networking APIs

State: CLOSED
Product: HOME_NETWORK_TF
Raised by: Giuseppe Pascale
Opened on: 2011-04-20
Description:
(re-posting for tracking purposes according to the new procedure; previous discussion available at [1]. Please reply to this thread if you have any comment)


Hi all,
we have discussed in several places (workshop, this mailing list, etc) how
important it is to address privacy and security concerns around Home
Networking Technologies.

In order to trigger some discussion, I started a new document about
Security.
The idea behind this document is to collect all reasonable concerns and a
list of possible solutions.
I don't think it is in the scope for this TF to decide on one solution, but I
think it would be valuable if this group could come up with an analysis and a
list of suggestions for a WG to work on.

The document is as usual available on the wiki
http://www.w3.org/2011/webtv/wiki/HNTF/Home_Network_TF_Discussions/Security

I'm sure there are more things that can be written, so feel free to
comment on it and propose extensions or corrections to it.


[1] http://lists.w3.org/Archives/Public/public-web-and-tv/2011Apr/0118.html
Related Actions Items:
No related actions
Related emails:
  1. [HOME_NETWORK_TF] Minutes of teleconference call 2011-09-08 (from fd@w3.org on 2011-08-09)
  2. Re: [HOME_NETWORK_TF] Issue and Requirements Summary (from giuseppep@opera.com on 2011-08-01)
  3. [HOME_NETWORK_TF] Issue and Requirements Summary (from r.berkoff@sisa.samsung.com on 2011-07-26)
  4. RE: Categolize what APIs should be stardized (from hj08.lee@lge.com on 2011-07-04)
  5. Re: Categolize what APIs should be stardized (from fd@w3.org on 2011-07-01)
  6. [HOME_NETWORK_TF] Open Issues for the HNTF (from giuseppep@opera.com on 2011-05-31)
  7. Re: webtv-ISSUE-3: Security concerns around Home Networking APIs [HOME_NETWORK_TF] (from giuseppep@opera.com on 2011-05-02)
  8. RE: webtv-ISSUE-3: Security concerns around Home Networking APIs [HOME_NETWORK_TF] (from r.berkoff@sisa.samsung.com on 2011-05-01)
  9. Re: webtv-ISSUE-3: Security concerns around Home Networking APIs [HOME_NETWORK_TF] (from giuseppep@opera.com on 2011-04-29)
  10. webtv-ISSUE-11: Requirements Document and other deliverables [HOME_NETWORK_TF] (from sysbot+tracker@w3.org on 2011-04-27)
  11. Re: ISSUE-3: Security concerns around Home Networking APIs (from r.berkoff@sisa.samsung.com on 2011-04-26)
  12. webtv-ISSUE-3: Security concerns around Home Networking APIs [HOME_NETWORK_TF] (from sysbot+tracker@w3.org on 2011-04-20)

Related notes:

[Samsung] Security/Privacy for UPnP/DLNA HN devices was a significant concern during the development of CEA-2014-B (Remote UI).

The following measures were implemented:

1. By default, pages that accessed HN devices were opened in "sandbox" mode where access to services such as cookies, XHR and Forms that could be used to upload information outside the home were restricted. The page could detect if the browser was in this mode. The UA could designate "trusted" domains where HN pages were permitted full access to UA facilities.

2. HN devices were protected by user-assigned passwords that were stored/managed by the UA. Pages accessing HN devices would be required to provide the correct password to the UA before it would "unlock" page access to HN Methods. Note that some methods were not password-protected, to allow basic device discovery to take place. The UA was required to expire passwords, in which case the page would need to resubmit the password to continue to have access to the device.

Russell Berkoff, 22 Apr 2011, 07:26:25
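
The two measures described in the note above, modelled as an added example (not code from CEA-2014-B, the task force, or the note's author). Every class, method and facility name is hypothetical, and the set of password-free discovery methods is an assumption.

```javascript
// Toy user-agent (UA) policy model. All names are hypothetical illustrations.
const DISCOVERY_METHODS = new Set(["getDeviceList", "getDeviceDescription"]); // assumed
const EXFIL_FACILITIES = new Set(["cookies", "xhr", "forms"]); // channels named in the note

class HomeNetworkGate {
  constructor({ trustedDomains, passwordTtlMs, now = () => Date.now() }) {
    this.trusted = new Set(trustedDomains);
    this.ttl = passwordTtlMs;
    this.now = now;
    this.devicePasswords = new Map(); // deviceId -> user-assigned password, managed by the UA
    this.unlocks = new Map();         // "origin|deviceId" -> expiry timestamp (ms)
  }
  key(pageUrl, deviceId) { return `${new URL(pageUrl).origin}|${deviceId}`; }
  assignPassword(deviceId, password) { this.devicePasswords.set(deviceId, password); }

  // Measure 1: pages touching HN devices run sandboxed unless their domain is trusted.
  pageMode(pageUrl) {
    return this.trusted.has(new URL(pageUrl).hostname) ? "full" : "sandbox";
  }
  // Sandboxed pages lose the facilities that could carry data out of the home.
  mayUse(pageUrl, facility) {
    return this.pageMode(pageUrl) === "full" || !EXFIL_FACILITIES.has(facility);
  }

  // Measure 2: the page presents the password; the UA unlocks the device for a limited time.
  unlock(pageUrl, deviceId, password) {
    const expected = this.devicePasswords.get(deviceId);
    // A production UA would keep a salted hash and compare in constant time.
    if (expected === undefined || password !== expected) return false; // fail closed
    this.unlocks.set(this.key(pageUrl, deviceId), this.now() + this.ttl);
    return true;
  }
  mayCall(pageUrl, deviceId, method) {
    if (DISCOVERY_METHODS.has(method)) return true; // discovery needs no password
    const k = this.key(pageUrl, deviceId);
    const expiry = this.unlocks.get(k);
    if (expiry === undefined || this.now() >= expiry) {
      this.unlocks.delete(k); // expired: the page must resubmit the password
      return false;
    }
    return true;
  }
}
```

Injecting `now` lets the expiry rule be exercised with a fixed clock instead of real time.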



Tatsuya Igarashi <Tatsuya.Igarashi@sony.com>, Mark Vickers <mav@mavkt.com>, Chris Needham <chris.needham@bbc.co.uk>, Chairs, Kazuyuki Ashimura <ashimura@w3.org>, Staff Contact