On Wed, Nov 25, 2009 at 2:34 PM, Tyler Close <tyler.close@gmail.com> wrote: > On Wed, Nov 25, 2009 at 1:54 PM, Adam Barth <w3c@adambarth.com> wrote: >> Indeed. Security in the application layer is quite complex. That's >> what makes life interesting. :) > > So are you agreeing that there do exist SOP rules that the application > layer must obey? If so, should we document those rules? Yes. At the application layer. I'm not even sure you can articulate the policy coherently without referring to application-layer concepts. How would you explain the restrictions on images in the HTML Canvas element in terms of HTTP protocol messages? AdamReceived on Thursday, 26 November 2009 01:56:41 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:13 GMT