ISSUE-11 (security-model): What is the Security Model for the access-control spec? [Access Control] from Web Applications Working Group Issue Tracker on 2008-06-23 (public-webapps@w3.org from April to June 2008)

From: Web Applications Working Group Issue Tracker <sysbot+tracker@w3.org>
Date: Mon, 23 Jun 2008 19:35:24 +0000 (GMT)
To: public-webapps@w3.org
Message-Id: <20080623193524.7D1EE5F74F@stu.w3.org>

ISSUE-11 (security-model): What is the Security Model for the access-control spec? [Access Control]

http://www.w3.org/2008/webapps/track/issues/

Raised by: Arthur Barstow
On product: Access Control

[[ This issue was created on 2008-01-15 as Issue #21 in the Web Applications Formats (WAF) WG and is copied in totality to the Web Applications WG's Issues database:
<http://www.w3.org/2005/06/tracker/waf/issues/21> ]]

The AC4CSR spec is missing a description of its Security Model. For example, what is the threat model for attacks such as CSRF, XSS, etc. 

This issue was raised by the WSC WG during its joint f2f meeting with the WAF WG on 5 November 2007:

 <http://www.w3.org/2007/11/05-waf-minutes.html#item09>

It has also been a subject of discussion within e-mail exchanges on the public-appformats mail list:

 <http://lists.w3.org/Archives/Public/public-appformats/>

Received on Monday, 23 June 2008 19:37:11 UTC