Notes from security-ws-pp-2008.
Note the business models and stakeholders involved in these services. Do not ignore them! Do operators want to manage security of the devices, or will they allow delegation models to third parties?
Fine-grained control is needed in some cases. You don’t just want to connect to the Internet. You want to connect to a specific site and service. Though if users don’t understand URLs, the application or firewall needs to manage this.
Support for multiple signatures. Signatures are about authenticity, not trust. A system can hopefully help show how much assurance there is that someone is who he claims to be.
Signatures give the ability to revoke the application. Use case: an application goes bad, i.e. it must be easy to blacklist an identity remotely.
Accounting is for logging trusted events. Being accountable is about measuring identity, usually a precursor to trust. Trust is anchored on identity.
APIs must be specific (Geolocation), not general (DCCI).
OTA updates are important. If an update fails, fail secure.
Being able to push security updates is very important. However, there must be a streamlined process for how these are delivered. For example, we can’t have certain operators/carriers slowing down the process with a QA process of their own.
Numerous studies show prompts do not work!
Prompts must be meaningful and undoable. The policy manager must be at hand always and remotely from different devices.
Meaningful in the sense that if one needs to take a picture, do not prompt for permission when, for example, there is a physical shutter click on the device!
The WebVM security system has to remember and track settings of controls. Controls will probably need some UUID.
You need tiered groups of permissions. Otherwise different permissions will result in a permutation explosion.
Separation of authenticity and trust. Map attributes to trust domains.
Identity needs to be accountable. Reputation too?
Trust ~~ Goodness
Must have an Untrusted and a Trusted context.
It’s important that we are able to delegate trust decisions to the community.
DNS risks can be mitigated by requiring SSL.
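The following is an added example, not code from the workshop or from any project discussed there, showing how several of the notes above fit together in one small policy manager: signer identity mapped to a trust domain (authenticity separated from trust), remote revocation by blacklisting a signer, tiered permission groups in place of per-API prompts, remembered and undoable per-control decisions keyed by a UUID, and an https-only origin rule. The tier names, signer identities, API names and sample applications are all constructed for illustration.

```python
"""Added example (not from the workshop notes): a minimal policy manager that
combines tiered permission groups, signer-to-trust-domain mapping, signer
revocation, https-only origins, and remembered, undoable per-control
decisions. All tiers, signer identities, API names and applications below are
constructed placeholders."""
import uuid
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Tiered permission groups (constructed). An application is placed in one tier,
# so there are len(TIERS) cases to reason about instead of one per subset of APIs.
TIERS = {
    "untrusted": frozenset(),
    "basic": frozenset({"geolocation.coarse"}),
    "trusted": frozenset({"geolocation.coarse", "geolocation.fine", "camera.capture"}),
}
TIER_ORDER = ["untrusted", "basic", "trusted"]  # weakest to strongest

# Signer identity -> trust domain (constructed). A valid signature only says who
# signed; which tier that signer earns is a separate, policy-controlled mapping.
TRUST_DOMAINS = {
    "operator-ca": "trusted",
    "marketplace-ca": "basic",
}


@dataclass
class Application:
    origin: str                  # e.g. "https://app.example.net" (constructed)
    signers: tuple               # identities whose signatures verified on the package
    # Stable control UUID so the policy manager can remember settings for it.
    control_id: str = field(default_factory=lambda: str(uuid.uuid4()))


class PolicyManager:
    def __init__(self):
        self.revoked_signers = set()
        # control UUID -> {api: allowed}: user overrides remembered per control,
        # so the same control is never asked twice for the same API.
        self.overrides = {}

    def revoke(self, signer):
        """Remote blacklist of a signer identity ("application goes bad")."""
        self.revoked_signers.add(signer)

    def tier_for(self, app):
        """Map an application to a tier from its origin scheme and its signers."""
        # Require https: binds the origin to a certificate, not just to a DNS name.
        if urlparse(app.origin).scheme != "https":
            return "untrusted"
        # Any revoked signer drops the whole application to untrusted.
        if any(s in self.revoked_signers for s in app.signers):
            return "untrusted"
        # Multiple signatures: the strongest trust domain among the signers wins.
        best = "untrusted"
        for signer in app.signers:
            domain = TRUST_DOMAINS.get(signer, "untrusted")
            if TIER_ORDER.index(domain) > TIER_ORDER.index(best):
                best = domain
        return best

    def decide(self, app, api):
        """True if the API call is allowed for this application right now."""
        if api not in TIERS[self.tier_for(app)]:
            return False  # outside the tier: deny without prompting
        # A remembered user override can only narrow what the tier grants.
        return self.overrides.get(app.control_id, {}).get(api, True)

    def override(self, control_id, api, allowed):
        """Remember a user decision for one control and API."""
        self.overrides.setdefault(control_id, {})[api] = bool(allowed)

    def undo_override(self, control_id, api):
        """Undo-ability: drop the remembered decision, restoring the tier default."""
        self.overrides.get(control_id, {}).pop(api, None)


if __name__ == "__main__":
    pm = PolicyManager()
    app = Application("https://app.example.net", ("operator-ca",))
    print(pm.tier_for(app), pm.decide(app, "camera.capture"))
    pm.revoke("operator-ca")
    print(pm.tier_for(app), pm.decide(app, "camera.capture"))
```

The design point is that the user-facing decision surface is the tier and a short list of per-control overrides, both of which can be inspected and reverted remotely from another device, while revocation of a signer takes effect for every application that signer vouched for without touching any remembered settings.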
Also see ?security for more notes.