ISSUE-34: Protecting data versus protecting apis

protectingDataOrApis

Protecting data versus protecting apis

State:
CLOSED
Product:
APIs — General
Raised by:
Marcin Hanclik
Opened on:
2009-10-21
Description:
cf http://lists.w3.org/Archives/Public/public-device-apis/2009Oct/0193.html
“I think it is important to distinguish between protecting APIs and protecting data.
At present we focus mainly on protection of the APIs.
What about the case that the filesystem API is enabled for everyone, but the rights are related to some paths in the filesystem?
If we just concentrate on protecting APIs, we would probably need to define new APIs for the secure storage case.
So I would rephrase:
"SHOULD provide secure storage and management of secret information, e.g. server login credentials or API keys."
to
"SHOULD provide means to protect or restrict access to the parts of a given file system based on some security model, possibly different from the API security model".
(depending on what we will be able to agree on in the future).

This is the area that has been disputed in BONDI for a long time and there is currently no standardized end-2-end (from developer to policy writer) solution to that.
It is in general the area where the APIs meet security, the coupling is quite tight, although may not be so visible at first sight.”
Related Actions Items:
No related actions
Related emails:
  1. Privacy related issues - next steps (from Frederick.Hirsch@nokia.com on 2011-01-19)
  2. corrected draft minutes 2009-10-21 for approval (v2) (from frederick.hirsch@nokia.com on 2009-10-21)
  3. Draft minutes 2009-10-21 (from frederick.hirsch@nokia.com on 2009-10-21)

Related notes:

[fhirsch]: http://lists.w3.org/Archives/Public/public-device-apis/2009Oct/0193.html

21 Oct 2009, 14:29:37

An exchange based security model has been proposed on the list though it's currently not clear whether any requirements have come out of that:

http://lists.w3.org/Archives/Public/public-device-apis/2010Feb/0038.html

Richard Tibbett, 19 Mar 2010, 14:25:10

[fjh]: focus now is privacy by design, not policy framework

15 Mar 2011, 07:36:33

[dom]: WTF??

15 Mar 2011, 07:37:35

Display change log ATOM feed


Anssi Kostiainen <anssi.kostiainen@intel.com>, Reilly Grant <reillyg@google.com>, Chairs, Fuqiao Xue <xfq@w3.org>, Staff Contact
Tracker: documentation, (configuration for this group), originally developed by Dean Jackson, is developed and maintained by the Systems Team <w3t-sys@w3.org>.
$Id: 34.html,v 1.1 2019/11/08 08:58:39 carcone Exp $