- From: Adam Barth <w3c@adambarth.com>
- Date: Wed, 21 Apr 2010 22:36:50 -0700
- To: "Mark S. Miller" <erights@google.com>
- Cc: Maciej Stachowiak <mjs@apple.com>, Anne van Kesteren <annevk@opera.com>, Jonas Sicking <jonas@sicking.cc>, "public-webapps@w3.org" <public-webapps@w3.org>
Unfortunately "ambient" doesn't have any good antonyms:

http://www.synonym.com/antonym/ambient/

Adam

On Wed, Apr 21, 2010 at 8:29 PM, Mark S. Miller <erights@google.com> wrote:
> On Wed, Apr 21, 2010 at 7:40 PM, Maciej Stachowiak <mjs@apple.com> wrote:
>>
>> I'm not trying to draw a bright line here between categories of software,
>> rather I am looking into the reason this proposed API would exist. The
>> purpose is to avoid passively including any credentials that would identify
>> the user, identify the requesting site, or otherwise convey ambient
>> authority. Right? So what's a good word to express that? Maybe "Anonymous"
>> is not the best word to capture that concept, but "Uniform" does not seem to
>> capture it either. I don't think most people would make the leap that
>> "Uniform" means, "please, browser, don't add any credentials". Whereas I
>> think "Anonymous" does convey that intent. There may be even better
>> words, but I think "Anonymous" is a really good fit.
>>
>> Consider Tor. Tor calls itself "a distributed, anonymous network", and
>> most would agree that is a fair label. However, no one assumes that Tor will
>> prevent you from typing your real name or other identifying information
>> into a Web page, or stop you from uploading a file that includes a PGP
>> signature. What it does try to do is ensure that such information is not
>> conveyed to anyone passively. That seems to match the intent of UMP (and the
>> UMP-like subset of CORS) - no identifying information is passively added,
>> but the sender is free to explicitly add it themselves.
>
> Thanks, the Tor example is clarifying. Tor attempts to actually provide
> anonymity, by attempting to hide all information that might be inadvertently
> identifying, like IP address, traffic patterns, or other side channels. The
> threat model includes an attacker that may be trying to identify the user
> despite the absence of any purposely included identifying information.
>
> UniformRequests provide no such protection, and so should not seem to
> promise such. Since authorizing decisions only rely on overt information,
> prevention of CSRF-like vulnerabilities need only be concerned about overt
> information. Suppressing side channels is *much* harder.
>
> Q: "I sent my messages using AnonXmlHttpRequest. How did the secret police
> know I was a dissident?"
> A: "The name 'AnonXmlHttpRequest' was chosen to clarify the security
> property it provides: absence of CSRF-like vulnerabilities. Why did you
> think it provided anonymity?"
>
>>
>> This Working Group also did not agree to standardize [JSONRequest and
>> XDR], though both were proposed. We have no say in what names third parties
>> use in nonstandard APIs.
>> In addition, both of these APIs are gratuitously different from
>> XMLHttpRequest in ways other than security policy. I would suggest that we
>> not do that with the proposed new constructor.
>
> On that we agree.
>
>>
>> Regards,
>> Maciej
>>
>
> --
> Cheers,
> --MarkM
>

Received on Thursday, 22 April 2010 05:44:45 UTC