Comments on: Application trust models; Expanding Web applications out of the sandbox http://almaer.com/blog/application-trust-models-expanding-web-applications-out-of-the-sandbox blogging about life, the universe, and everything tech Fri, 04 May 2012 14:57:05 -0700 http://wordpress.org/?v=2.8.4 hourly 1 By: Alyysa http://almaer.com/blog/application-trust-models-expanding-web-applications-out-of-the-sandbox/comment-page-1#comment-40061 Alyysa Fri, 05 Dec 2008 16:38:35 +0000 http://almaer.com/blog/application-trust-models-expanding-web-applications-out-of-the-sandbox#comment-40061 Thanks for the great post, I started my career in nursing after finishing a associate degree in nursing from <a href="http://www.associatedegreenursingschools.com" rel="nofollow">associate degree nursing schools</a> Thanks for the great post, I started my career in nursing after finishing a associate degree in nursing from associate degree nursing schools

]]> By: C. Enrique Ortiz http://almaer.com/blog/application-trust-models-expanding-web-applications-out-of-the-sandbox/comment-page-1#comment-40056 C. Enrique Ortiz Tue, 02 Dec 2008 19:50:18 +0000 http://almaer.com/blog/application-trust-models-expanding-web-applications-out-of-the-sandbox#comment-40056 first, great winter photo above; gorgeous place. agree a new permission model is needed and it applies for local/native and web. android when you download/install you give permissions right there, one, which is not painful. On the web w/ access to local (I'm talking about mobile here) security issues will exist, but we should ask the user *once*. ...and I really like the idea of having like a grand view "monitor" of some kind that gives you visual hints on what apps are doing... ceo first, great winter photo above; gorgeous place.

agree a new permission model is needed and it applies for local/native and web. android when you download/install you give permissions right there, one, which is not painful. On the web w/ access to local (I’m talking about mobile here) security issues will exist, but we should ask the user *once*.

…and I really like the idea of having like a grand view “monitor” of some kind that gives you visual hints on what apps are doing…

ceo

]]> By: dion http://almaer.com/blog/application-trust-models-expanding-web-applications-out-of-the-sandbox/comment-page-1#comment-40051 dion Mon, 01 Dec 2008 18:17:42 +0000 http://almaer.com/blog/application-trust-models-expanding-web-applications-out-of-the-sandbox#comment-40051 Michael, Totally agree. Excited to see how things progress. Cheers, Dion Michael,

Totally agree. Excited to see how things progress.

Cheers,

Dion

]]> By: Lloyd Hilaiel http://almaer.com/blog/application-trust-models-expanding-web-applications-out-of-the-sandbox/comment-page-1#comment-40050 Lloyd Hilaiel Mon, 01 Dec 2008 18:16:17 +0000 http://almaer.com/blog/application-trust-models-expanding-web-applications-out-of-the-sandbox#comment-40050 "Instead of asking once “is it ok for this app to do anything” we can ask a more nuanced question" I think this point is extremely important. I know it's perhaps orthogonal to your core idea, but the question should be user meaningful, and in the case of multiple questions we should visually prioritize based on user risk, to the extent that we can determine relative risks. Lots of hard work left here to do to generate a simple, uncluttered, straightforward question. And as you implied the question is the fallback.. "implicit interfaces" which provide implicit permission are the key, getting consent through user interaction that is required anyway to complete the user-important task. The tightrope we're walking here is the line between what the page controls and what they don't. What are the tools we use to enforce that the user clicking on the box in “[x] near my location”, actually allows a site to use location for this purpose only? Is this acceptable risk all things considered? I guess my question in this example is, should the page be able to state what the location will be used for? Potentially a more nuanced user question can be generated (implicit or explicit), but pages can lie. Yabber aside, I think understandable visual feedback on what a page is doing on your box would make things much better, and a whole class of questions could be safely delayed. To realize this auditing goal, it seems like everything running in a browser as a result of a pages actions should be put in a bucket that we can audit. Namely, web plugins would need to be audited in the same way as browser built-in stuff... Now how might we accomplish that? lloyd “Instead of asking once “is it ok for this app to do anything” we can ask a more nuanced question”

I think this point is extremely important. I know it’s perhaps orthogonal to your core idea, but the question should be user meaningful, and in the case of multiple questions we should visually prioritize based on user risk, to the extent that we can determine relative risks. Lots of hard work left here to do to generate a simple, uncluttered, straightforward question.

And as you implied the question is the fallback.. “implicit interfaces” which provide implicit permission are the key, getting consent through user interaction that is required anyway to complete the user-important task.

The tightrope we’re walking here is the line between what the page controls and what they don’t. What are the tools we use to enforce that the user clicking on the box in “[x] near my location”, actually allows a site to use location for this purpose only? Is this acceptable risk all things considered?

I guess my question in this example is, should the page be able to state what the location will be used for? Potentially a more nuanced user question can be generated (implicit or explicit), but pages can lie.

Yabber aside, I think understandable visual feedback on what a page is doing on your box would make things much better, and a whole class of questions could be safely delayed.

To realize this auditing goal, it seems like everything running in a browser as a result of a pages actions should be put in a bucket that we can audit. Namely, web plugins would need to be audited in the same way as browser built-in stuff… Now how might we accomplish that?

lloyd

]]> By: Michael Mahemoff http://almaer.com/blog/application-trust-models-expanding-web-applications-out-of-the-sandbox/comment-page-1#comment-40049 Michael Mahemoff Mon, 01 Dec 2008 17:24:29 +0000 http://almaer.com/blog/application-trust-models-expanding-web-applications-out-of-the-sandbox#comment-40049 Spot on! It's not good enough - it shouldn't be in the future anyway - for apps to just say "I need access to the kitchen sink". There are several ways to attack this problem and the containers must play a big role in it. It dovetails with proper process management, which is part of the next evolution of browsers that Chrome has kick started. "ASIDE: I would love to know how many people: a) download something from the Web, b) run it, c) see that dialog and then d) say “oh, OK no.” I know what I am willing to bet on ;)" lol Spot on! It’s not good enough – it shouldn’t be in the future anyway – for apps to just say “I need access to the kitchen sink”. There are several ways to attack this problem and the containers must play a big role in it. It dovetails with proper process management, which is part of the next evolution of browsers that Chrome has kick started.

“ASIDE: I would love to know how many people: a) download something from the Web, b) run it, c) see that dialog and then d) say “oh, OK no.” I know what I am willing to bet on ;)”
lol

]]>