Home
Reading
Searching
Subscribe
Sponsors
Statistics
Posting
Contact
Spam
Lists
Links
About
Hosting
Filtering
Features Download
Marketing
Archives
FAQ
Blog
 
Gmane
From: Ryan Ware <ware-VuQAYsv1563Yd54FQh9/CA <at> public.gmane.org>
Subject: Re: Arbitrary 3rd Party Code
Newsgroups: gmane.comp.handhelds.meego.security.general
Date: Friday 8th April 2011 17:26:29 UTC (over 6 years ago)
On 04/07/2011 04:32 PM, Praveen Gupta wrote:
> URL is not usable.. Please re-send..
>
> Again, separation of local-access only data is, just, one usecase..
>
> There are several other usecases.. For example -
>
> * Separation of "enterprise", "Carrier" and "application-sensitive" data
> * Restriction of data cross-over from one domain to another
>
> Mobile platforms has "unique" security requirements.
>
> Implementation of these requirements is *necessary* for adoption of
mobile
> platforms by "sensitive" enterprise applications (for example).. Several
> other such scenarios / use-cases exists.
>
> We need *requirements* which we can map to different Meego releases..
>
> After requirements are frozen, we need to propose "architecture" with
> release plan.
Please don't top-post.

This might be the case if we were following a waterfall development 
model.  We are not in any way following that type of model.  
Additionally, we already have security requirements that have previously 
been defined and published.  There are others that have been defined and 
will be published in the near future.

As for the specific requirement that you've proposed, I do not see it as 
a requirement for MeeGo.  Even if it was, I don't see a viable technical 
solution that could be put in place.  Content providers have been trying 
to do this exact thing with various digital rights management systems 
since the dawn of digitally distributed, consumer oriented products.  As 
we all know, their efforts with all of their resources have not yet 
created a solution that would meet the intent of your requirement.  If 
they've never been able to do it, we have no hope of doing that with the 
small number of resources we have working on MeeGo.

I believe I have a good understanding of what you would like to see and 
we can't do it.  We can't have a requirement saying we need to govern 
what an application does with data after it's received it.  What we 
*can* have though (and do, but not published yet) is a requirement 
stating that the end-user can control which applications are allowed 
which type of personal data.  That is reasonable and implementable and 
we already have things in flight to get there.

Ryan
 
CD: 16ms