Abstract

The webinos project defines and delivers an open source web application runtime compatible with a wide range of smart devices, including smartphones, tablets, PCs, in-car systems and set-top boxes. A key aim of the project is building a platform which is both secure and protects user privacy. This document describes the security and privacy rational, threat model and architectural risk analysis used by the project. It is a companion document to the webinos system and API specifications and explains why certain security and privacy controls exist and what risks remain. It provides a set of recommendations and describes the outstanding weaknesses and issues of which webinos stakeholders may need to be aware.

Terms & conditions

This report is a public deliverable of the webinos project. The project members will review any feedback received; updates will be incorporated as applicable. The webinos project reserves the right to disregard your feedback without explanation. Later in the year, update to the report may be published on www.webinos.org as well as being made available as a live and community maintainable wiki. If you want to comment or contribute on the content of the webinos project and its deliverables you shall agree to make available any Essential Claims related to the work of webinos under the conditions of section 5 of the W3C Patent Policy; the exact Royalty Free Terms can be found at: http://www.w3.org/Consortium/Patent-Policy-20040205/. This report is for personal use only. Other individuals who are interested to receive a copy, need to access http://www.webinos.org/downloads. For feedback or further questions, contact: editors@webinos.org

We’re looking forward to your feedback!

download pdf: webinos-phase_II_security_framework