Network impact of Web access to device APIs W3C Workshop on - - PowerPoint PPT Presentation

network impact of web access to device apis
SMART_READER_LITE
LIVE PREVIEW

Network impact of Web access to device APIs W3C Workshop on - - PowerPoint PPT Presentation

Nov 18, 2022 375 likes •517 views

Network impact of Web access to device APIs W3C Workshop on Security for Access to Device APIs from the Web December 10-11, 2008 Mat Ford http://www.isoc.org Background ISOC is focused on continued operation of the global Internet

slide-1
SLIDE 1

http://www.isoc.org

Network impact of Web access to device APIs

W3C Workshop on Security for Access to Device APIs from the Web December 10-11, 2008 Mat Ford

slide-2
SLIDE 2

http://www.isoc.org

Background

  • ISOC is focused on continued operation of the global

Internet

– Taking a holistic approach to identify issues and opportunities – Many network growth issues and opportunities cross boundaries and cut into competing interests

  • Our purposes are to:

– Identify and help elaborate such cross-boundary network issues – Promote resolution through open dialogue and collaboration in appropriate fora – Promote and validate the open, collaborative Internet development model

10th - 11th December 2008 2

slide-3
SLIDE 3

http://www.isoc.org

Background

  • Concerned with identifying forces pushing

towards

– islands of networking – emergence of multiple networked realities

  • Looking to drive a modern understanding and

consistent implementation of the end-to-end principle of the Internet

  • We also aim to support development and

deployment of key technologies for stable and secure Internet infrastructure

10th - 11th December 2008 3

slide-4
SLIDE 4

http://www.isoc.org

Interest areas

  • These motivations and concerns lead us

to an interest in the topic of this workshop in at least three areas:

– Network impact – Open interfaces – Layering

10th - 11th December 2008 4

slide-5
SLIDE 5

http://www.isoc.org

Network impact

  • What are potential impacts on network layer?
  • What are potential side-effects on network

usage?

  • Web apps inherently more secure as potentially

more regularly updated?

  • Exposing device APIs to the web may increase

potential for remote exploit

– New generations of network worms and bots

10th - 11th December 2008 5

slide-6
SLIDE 6

http://www.isoc.org

Network impact

  • New patterns of network usage

– IP nets typically dimensioned based upon assumptions about end-host behaviour that are increasingly invalid – More M2M and background bulk transfers (P2P) create new pressures on operators – Is there potential for increasingly sophisticated web applications to drive disruptive patterns of network usage?

10th - 11th December 2008 6

slide-7
SLIDE 7

http://www.isoc.org

Open interfaces

  • Open interfaces are the bedrock of the

Internet’s success

  • Gross functionality of the network should

not depend on use of proprietary equipment

  • Open interfaces maximise the potential for

innovative applications to emerge, thereby increasing the value of the network to all

10th - 11th December 2008 7

slide-8
SLIDE 8

http://www.isoc.org

Layering

  • Internet != Web
  • Minimise potential for undesirable

interactions between layers

  • Maximise potential to change properties of
  • ne layer without negatively impacting
  • ther layers

10th - 11th December 2008 8

slide-9
SLIDE 9

http://www.isoc.org

Some examples

  • Strong(er) coupling between app layer and

net layer is generally undesirable:

– Optimising app performance by requiring network support – Sharing IP addresses across subscribers will require apps to know more about the net

10th - 11th December 2008 9

slide-10
SLIDE 10

http://www.isoc.org

Some (mobile specific) examples

  • Does the amount of glue needed to provide a seamless user

experience work to balkanize services by device/provider/etc?

  • User expectations of consistent service and behaviour when

roaming?

  • Potentially a lot of middlebox interactions required
  • Potential conflicts caused by fairly atomic widgets accessing

hardware features on a handset (like geo-location data) without any kind of unified version of user preferences at the local level

  • Lots of questions re: conflicts in policy, data portability, service

mismatches while roaming, etc.

  • And then there’re the security and privacy concerns

10th - 11th December 2008 10

slide-11
SLIDE 11

http://www.isoc.org

Concluding remarks

  • Need for a strong and consistent security model when

allowing web apps access to device APIs is obvious

– This workshop is valuable, thanks organisers!

  • Please try to keep the concerns and principles raised

here in mind when developing in this space

  • Increasingly sophisticated web apps are enriching the

Internet and exposing device APIs has potential to do the same

  • Need to be vigilant against harming some fundamental

properties that have brought us to where we are today

10th - 11th December 2008 11

slide-12
SLIDE 12

http://www.isoc.org

Thanks for your attention!

10th - 11th December 2008 12