W3C home > Mailing lists > Public > public-web-security@w3.org > June 2010

fyi: I-D Action:draft-abarth-origin-07.txt

From: =JeffH <Jeff.Hodges@KingsMountain.com>
Date: Wed, 09 Jun 2010 10:20:44 -0700
Message-ID: <4C0FCD6C.8040900@KingsMountain.com>
To: W3C Web Security Interest Group <public-web-security@w3.org>
draft-abarth-origin is once again a current I-D.

<http://tools.ietf.org/html/draft-abarth-origin>

=JeffH

Subject: I-D Action:draft-abarth-origin-07.txt
From: Internet-Drafts@ietf.org
Date: Tue,  8 Jun 2010 20:00:02 -0700 (PDT)
To: i-d-announce@ietf.org


A New Internet-Draft is available from the on-line Internet-Drafts directories.

	Title           : The Web Origin Concept
	Author(s)       : A. Barth, et al.
	Filename        : draft-abarth-origin-07.txt
	Pages           : 14
	Date            : 2010-06-08

This document defines the concept of an "origin," which is used by
web browsers to isolate content retrieved from different parties.
The origin concept is defined by a "same-origin" relation and a
serialization algorithm.  This document also defines an HTTP Origin
header, which a user agent can use to describe the security contexts
that caused the user agent to initiate an HTTP request.  HTTP servers
can use the Origin header to mitigate against Cross-Site Request
Forgery (CSRF) vulnerabilities.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-abarth-origin-07.txt

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the
Internet-Draft.


---
end
Received on Wednesday, 9 June 2010 17:21:14 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Sunday, 19 December 2010 00:16:03 GMT