
Re: UMP / CORS: Implementor Interest

From: Adam Barth <w3c@adambarth.com>
Date: Wed, 21 Apr 2010 22:36:50 -0700
Message-ID: <l2j5c4444771004212236wdefe858dq45406246abe66506@mail.gmail.com>
To: "Mark S. Miller" <erights@google.com>
Cc: Maciej Stachowiak <mjs@apple.com>, Anne van Kesteren <annevk@opera.com>, Jonas Sicking <jonas@sicking.cc>, "public-webapps@w3.org" <public-webapps@w3.org>
Unfortunately "ambient" doesn't have any good antonyms:



On Wed, Apr 21, 2010 at 8:29 PM, Mark S. Miller <erights@google.com> wrote:
> On Wed, Apr 21, 2010 at 7:40 PM, Maciej Stachowiak <mjs@apple.com> wrote:
>> I'm not trying to draw a bright line here between categories of software,
>> rather I am looking into the reason this proposed API would exist. The
>> purpose is to avoid passively including any credentials that would identify
>> the user, identify the requesting site, or otherwise convey ambient
>> authority. Right? So what's a good word to express that? Maybe "Anonymous"
>> is not the best word to capture that concept, but "Uniform" does not seem to
>> capture it either. I don't think most people would make the leap that
>> "Uniform" means, "please, browser, don't add any credentials". Whereas I
>> think "Anonymous" does convey that intent. There may be an even better
>> word, but I think "Anonymous" is a really good fit.
>> Consider Tor. Tor calls itself "a distributed, anonymous network", and
>> most would agree that is a fair label. However, no one assumes that Tor will
>> prevent you from typing your real name or other identifying information
>> into a Web page, or stop you from uploading a file that includes a PGP
>> signature. What it does try to do is ensure that such information is not
>> conveyed to anyone passively. That seems to match the intent of UMP (and the
>> UMP-like subset of CORS) - no identifying information is passively added,
>> but the sender is free to explicitly add it themselves.
> Thanks, the Tor example is clarifying. Tor attempts to actually provide
> anonymity, by attempting to hide all information that might be inadvertently
> identifying, like IP address, traffic patterns, or other side channels. The
> threat model includes an attacker that may be trying to identify the user
> despite the absence of any purposely included identifying information.
> UniformRequests provide no such protection, and so should not seem to
> promise such. Since authorizing decisions only rely on overt information,
> prevention of CSRF-like vulnerabilities need only be concerned about overt
> information. Suppressing side channels is *much* harder.
> Q: "I sent my messages using AnonXmlHttpRequest. How did the secret police
> know I was a dissident?"
> A: "The name 'AnonXmlHttpRequest' was chosen to clarify the security
> property it provides: absence of CSRF-like vulnerabilities. Why did you
> think it provided anonymity?"
>> This Working Group also did not agree to standardize [JSONRequest and
>> XDR], though both were proposed. We have no say in what names third parties
>> use in nonstandard APIs.
>> In addition, both of these APIs are gratuitously different from
>> XMLHttpRequest in ways other than security policy. I would suggest that we
>> not do that with the proposed new constructor.
> On that we agree.
>> Regards,
>> Maciej
> --
>     Cheers,
>     --MarkM
Received on Thursday, 22 April 2010 05:44:45 UTC
