More app security needed

London, 14 Oct 2011
Read time 2min 00sec

Sir Tim Berners-Lee, inventor of the World Wide Web and director of the Web consortium W3C, has offered insights into what he'd like to see from Web application security.

Berners-Lee was speaking at the closing keynote of the RSA Conference Europe 2011, held in London this week.

"Web apps are what's coming, what's cool," he said. Berners-Lee added that security is a concern with Web applications, because users often give advertisers access to sensitive data. When you download something, it comes with a script to do all kinds of things, he said.

“Security needs to improve without impacting the user interface.” In a browser, there was a time where people would look for a padlock in the corner of a screen to make sure a connection was secure, but "the padlock doesn't mean you're talking to the bank, it just means you're having a secure conversation with someone,” said Berners-Lee.

Subsequently, security companies looked at a Web site's certificate to make sure it is what it claimed, and showed a green bar. He says that did little to the user interface, but "it made me more comfortable. That's the sort of thing I want”.

He spoke of a desire for "personal cloud", whereby each user had a bit of space for personal use, and can give people access to them. He also explained he wanted things to become more personalised and have the ability to select which groups of people get access to certain data, without having to constantly select it. "I want to set my own policies, and a simple user-interface."

Berners-Lee said he wants to control the resources allocated. For example, he wants to be able to choose how much memory or CPU any given application will receive. "I also want more powerful tools to control the devices an application gets access to. I want to be able to trust things."

He noted that if people can assure that level of security in Web apps, "we may have an explosion of really interesting apps that talk to each other".

See also