W3C home > Mailing lists > Public > public-appformats@w3.org > September 2007

Re: Heads-up: Some buzz about access-control

From: Jon Ferraiolo <jferrai@us.ibm.com>
Date: Sat, 1 Sep 2007 13:12:42 -0700
To: Thomas Roessler <tlr@w3.org>
Cc: public-appformats@w3.org
Message-ID: <OF5ACF9141.F5A7A594-ON88257349.006E5FB1-88257349.006F06DB@us.ibm.com>

Hi everyone,
I have been involved in some on-again-off-again discussions about access
control over the past few months with various security experts at OpenAjax
Alliance and at IBM, and a little with Doug Crockford of Yahoo. It will
take me some time to do my homework and research what various people have
said, but I just wanted the WAF committee to expect that in the next few
weeks I will do my best to consolidate the various discussions and send
good feedback on the security pros and cons of the latest access control
draft. For now, I will say that some concerns will be raised.


Jon Ferraiolo <jferrai@us.ibm.com>
OpenAjax Alliance and IBM

             Thomas Roessler                                               
             Sent by:                                                   To 
             public-appformats         public-appformats@w3.org            
             -request@w3.org                                            cc 
             08/30/2007 12:55          Heads-up: Some buzz about           
             AM                        access-control                      

Apparently, the Mozilla folks have announced support for the
access-control spec, and caused some buzz about it.

I've dropped some pointers to this WG's public comment address.

Thomas Roessler, W3C  <tlr@w3.org>

----- Forwarded message from bugtraq@cgisecurity.net -----

From: bugtraq@cgisecurity.net
To: websecurity@webappsec.org
Date: Tue, 28 Aug 2007 18:54:19 -0400 (EDT)
Subject: [WEB SECURITY] firefox3 vuln by design?
Mailing-List: contact websecurity-help@webappsec.org; run by ezmlm
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.1.5

pdp had an interesting read at

Any mozilla people care to chime in?

- Robert


Join us on IRC: irc.freenode.net #webappsec

Have a question? Search The Web Security Mailing List Archives:

Subscribe via RSS:
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

----- End forwarded message -----

(image/gif attachment: graycol.gif)

(image/gif attachment: pic27449.gif)

(image/gif attachment: ecblank.gif)

Received on Saturday, 1 September 2007 20:14:01 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:50:07 UTC