- From: Doyle, Bill <wdoyle@mitre.org>
- Date: Mon, 17 Dec 2007 13:53:45 -0500
- To: <public-appformats@w3.org>
- Message-ID: <518C60F36D5DBC489E91563736BA4B5801CBA1F1@IMCSRV5.MITRE.ORG>

Hi,

I am on W3C's WSC WG and have been asked to review the proposed Access Control for Cross-Site Requests capability. I also had some feedback from MITRE's infosec community and came up with the following items.

The Access Control for cross-site requests extension appears to have a major impact to a web server's Information Assurance (IA) model and may have profound effects on security agreements in place that govern use of the web server. If a client becomes a Policy Decision Point for a server, the server must rely on the client's IA capabilities and robustness of IA controls in place for the client to ensure that the server and applications hosted on the server are not compromised.

Given the considerations noted above, the proposed Access Control for cross-site requests must take into consideration the following capabilities.

1. The cross-site scripting protocol must include strong cryptographic mechanisms to ensure that the server can restrict use of the capabilities to authenticated and authorized clients.

2. The protocol must provide the ability for a server to support fine-grained access control. e.g. a server should be able to limit write access to a specific client noted in item 1.

3. Protocol must be able to restrict inheritance of a client's access control rights by other clients.

4. Resources must be protected until access is granted; the security consideration that resources are not revealed is not strong enough.

Regards,
Bill Doyle
wdoyle@mitre.org

Received on Monday, 17 December 2007 18:53:59 UTC