W3C home > Mailing lists > Public > public-web-security@w3.org > June 2010

Re: CSP & IETF BOF on HTTP Application Security?

From: Peter Saint-Andre <stpeter@stpeter.im>
Date: Wed, 09 Jun 2010 09:44:57 -0600
Message-ID: <4C0FB6F9.1050702@stpeter.im>
To: Brandon Sterne <bsterne@mozilla.com>
CC: art.barstow@nokia.com, ext Thomas Roessler <tlr@w3.org>, Jonas Sicking <jonas@sicking.cc>, Arun Ranganathan <arun@mozilla.com>, ext Daniel Veditz <dveditz@mozilla.com>, "public-web-security@w3.org" <public-web-security@w3.org>
Agreed, from what I've seen so far. It would be good for us to clearly
demarcate what's in scope for each group here.

On 6/9/10 9:25 AM, Brandon Sterne wrote:
> I think W3C is the right venue for CSP given that CSP is primarily
> geared towards content restrictions and HASMAT will be primarily focused
> on transport-level restrictions (think Origin header, STS, etc.).  I
> think there is a neat separation between these two areas which maps well
> to the areas of focus of IETF and W3C.
> -Brandon
> On 06/03/2010 11:39 AM, Arthur Barstow wrote:
>> Would this be a reasonable/acceptable place for CSP?
>> -Art Barstow
>> P.S. "hasmat" - that's a good one!
>>>> From: Peter Saint-Andre<stpeter@stpeter.im>
>>>> Date: 3 June 2010 20:14:13 GMT+02:00
>>>> To: "apps-discuss@ietf.org"<apps-discuss@ietf.org>
>>>> Subject: Re: HTTP Application Security (HAS) BoF
>>>> We now have a dedicated list for this BoF:
>>>> https://www.ietf.org/mailman/listinfo/hasmat
>>>> Please discuss further on that list. I'll be blasting various lists and
>>>> individuals regarding the BoF.
>>>> On 6/2/10 8:11 AM, Peter Saint-Andre wrote:
>>>>> I've received a proposal to hold a birds of a feather (BoF) session at
>>>>> IETF 78 in Maastricht on the topic of HTTP Application Security.  A
>>>>> draft charter and agenda can be found below.  Please discuss on the
>>>>> apps-discuss@ietf.org list:

Received on Wednesday, 9 June 2010 15:45:31 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Sunday, 19 December 2010 00:16:03 GMT