W3C home > Mailing lists > Public > public-html-comments@w3.org > August 2011

Re: [web messaging] Channel Messaging Origins

From: Philippe De Ryck <philippe.deryck@cs.kuleuven.be>
Date: Wed, 03 Aug 2011 11:07:05 +0200
To: public-html-comments@w3.org
Cc: Giles Hogben <Giles.Hogben@enisa.europa.eu>, Lieven Desmet <Lieven.Desmet@cs.kuleuven.be>
Message-ID: <1312362426.25950.14.camel@papyrus>
On Tue, 2011-08-02 at 19:04 +0000, Ian Hickson wrote:
> On Mon, 1 Aug 2011, Philippe De Ryck wrote:
> > 
> > If two browsing contexts X and Y create a messaging channel using ports, 
> > no origin guarantees about the sender or receiver of the messages can be 
> > given. This is in contrast with the 'Cross-document Messaging' 
> > mechanism, where each message has a source and destination origin.
> 
> This is intentional. The security model here is a capabilities model, 
> where vending a MessagePort inherently grants a right. Exposing an origin 
> would actually undermine this, preventing capabilities from being 
> furthered to other origins.

The intention of message channels being used in a capabilities model is
not at all clear from the spec. Seeing it in this light, I have two
additional comments:

1. It might be useful to mention this in the spec, so that this
mechanism is used as intended (instead of just as an easy way to use
two-way communication). Additionally, mention the consequences that this
can have (i.e. the granted right can be passed along)

2. I understand that in a capabilities model, the target origin cannot
be specified. I don't think that this holds for the source origin, so is
there a specific reason to not include the source origin in the message
(even though the attribute is available)?


-- 
Philippe De Ryck
K.U.Leuven, Dept. of Computer Science


Disclaimer: http://www.kuleuven.be/cwis/email_disclaimer.htm
Received on Wednesday, 3 August 2011 09:20:30 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 3 August 2011 09:20:31 GMT