Re: Heads-up: Some buzz about access-control from Jon Ferraiolo on 2007-09-01 (public-appformats@w3.org from September 2007)

From: Jon Ferraiolo <jferrai@us.ibm.com>
Date: Sat, 1 Sep 2007 13:12:42 -0700
To: Thomas Roessler <tlr@w3.org>
Cc: public-appformats@w3.org
Message-ID: <OF5ACF9141.F5A7A594-ON88257349.006E5FB1-88257349.006F06DB@us.ibm.com>

Hi everyone,
I have been involved in some on-again-off-again discussions about access
control over the past few months with various security experts at OpenAjax
Alliance and at IBM, and a little with Doug Crockford of Yahoo. It will
take me some time to do my homework and research what various people have
said, but I just wanted the WAF committee to expect that in the next few
weeks I will do my best to consolidate the various discussions and send
good feedback on the security pros and cons of the latest access control
draft. For now, I will say that some concerns will be raised.

Jon

Jon Ferraiolo <jferrai@us.ibm.com>
OpenAjax Alliance and IBM



                                                                           
             Thomas Roessler                                               
             <tlr@w3.org>                                                  
             Sent by:                                                   To 
             public-appformats         public-appformats@w3.org            
             -request@w3.org                                            cc 
                                                                           
                                                                   Subject 
             08/30/2007 12:55          Heads-up: Some buzz about           
             AM                        access-control                      
                                                                           
                                                                           
                                                                           
                                                                           
                                                                           
                                                                           





Apparently, the Mozilla folks have announced support for the
access-control spec, and caused some buzz about it.

I've dropped some pointers to this WG's public comment address.

Cheers,
--
Thomas Roessler, W3C  <tlr@w3.org>






----- Forwarded message from bugtraq@cgisecurity.net -----

From: bugtraq@cgisecurity.net
To: websecurity@webappsec.org
Date: Tue, 28 Aug 2007 18:54:19 -0400 (EDT)
Subject: [WEB SECURITY] firefox3 vuln by design?
X-Spam-Level:
Mailing-List: contact websecurity-help@webappsec.org; run by ezmlm
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.1.5

pdp had an interesting read at
http://www.gnucitizen.org/blog/i-dont-think-that-you-understand-firefox3-vulnerable-by-design


Any mozilla people care to chime in?

- Robert
http://www.cgisecurity.com/
http://www.qasec.com/


----------------------------------------------------------------------------

Join us on IRC: irc.freenode.net #webappsec

Have a question? Search The Web Security Mailing List Archives:
http://www.webappsec.org/lists/websecurity/

Subscribe via RSS:
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]



----- End forwarded message -----

Attachments

image/gif attachment: graycol.gif
image/gif attachment: pic27449.gif
image/gif attachment: ecblank.gif

Received on Saturday, 1 September 2007 20:14:01 UTC