ISSUE-3: Security concerns around Home Networking APIs
- State: CLOSED
- Product: HOME_NETWORK_TF
- Raised by: Giuseppe Pascale
- Opened on: 2011-04-20
- Description:
(re-posting for tracking purposes according to the new procedure; previous discussion available at [1]. Please reply to this thread if you have any comment)
Hi all,
We have discussed in several places (workshop, this mailing list, etc.) how
important it is to address privacy and security concerns around Home
Networking Technologies.
In order to trigger some discussion, I started a new document about
Security.
The idea behind this document is to collect all reasonable concerns and a
list of possible solutions.
I don't think it is in the scope for this TF to decide on one solution, but I
think it would be valuable if this group could come up with an analysis and a
list of suggestions for a WG to work on.
The document is as usual available on the wiki
http://www.w3.org/2011/webtv/wiki/HNTF/Home_Network_TF_Discussions/Security
I'm sure there are more things that can be written, so feel free to
comment on it and propose extensions or corrections to it.
[1] http://lists.w3.org/Archives/Public/public-web-and-tv/2011Apr/0118.html
- Related Action Items: No related actions
- Related emails:
- [HOME_NETWORK_TF] Minutes of teleconference call 2011-09-08 (from fd@w3.org on 2011-08-09)
- Re: [HOME_NETWORK_TF] Issue and Requirements Summary (from giuseppep@opera.com on 2011-08-01)
- [HOME_NETWORK_TF] Issue and Requirements Summary (from r.berkoff@sisa.samsung.com on 2011-07-26)
- RE: Categolize what APIs should be stardized (from hj08.lee@lge.com on 2011-07-04)
- Re: Categolize what APIs should be stardized (from fd@w3.org on 2011-07-01)
- [HOME_NETWORK_TF] Open Issues for the HNTF (from giuseppep@opera.com on 2011-05-31)
- Re: webtv-ISSUE-3: Security concerns around Home Networking APIs [HOME_NETWORK_TF] (from giuseppep@opera.com on 2011-05-02)
- RE: webtv-ISSUE-3: Security concerns around Home Networking APIs [HOME_NETWORK_TF] (from r.berkoff@sisa.samsung.com on 2011-05-01)
- Re: webtv-ISSUE-3: Security concerns around Home Networking APIs [HOME_NETWORK_TF] (from giuseppep@opera.com on 2011-04-29)
- webtv-ISSUE-11: Requirements Document and other deliverables [HOME_NETWORK_TF] (from sysbot+tracker@w3.org on 2011-04-27)
- Re: ISSUE-3: Security concerns around Home Networking APIs (from r.berkoff@sisa.samsung.com on 2011-04-26)
- webtv-ISSUE-3: Security concerns around Home Networking APIs [HOME_NETWORK_TF] (from sysbot+tracker@w3.org on 2011-04-20)
Related notes:
[Samsung] Security/Privacy for UPnP/DLNA HN devices was a significant concern during the development of CEA-2014-B (Remote UI).
The following measures were implemented:
1. By default pages that accessed HN devices were opened in "sandbox" mode where access to services such as cookies, XHR and Forms that could be used to upload information outside the home were restricted. The page could detect if the browser was in this mode. The UA could designate "trusted" domains where HN pages were permitted full access to UA facilities.
2. HN devices were protected by user-assigned passwords that were stored/managed by the UA. Pages accessing HN devices would be required to provide the correct password to the UA before it would "unlock" page access to HN Methods. Note that some methods were non-password protected to allow basic device discovery to take place. The UA was required to expire passwords, in which case the page would need to resubmit the password to continue to have access to the device.