CORS moving towards W3C Recommendation - thoughts on UMP? from Hill, Brad on 2011-11-18 (public-webappsec@w3.org from November 2011)

From: Hill, Brad <bhill@paypal-inc.com>
Date: Fri, 18 Nov 2011 15:54:44 -0700
To: "erights@google.com" <erights@google.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>, "tyler.close@gmail.com" <tyler.close@gmail.com>
Message-ID: <213E0EC97FE58F469BB618245B3118BB5558E38A83@DEN-MEXMS-001.corp.ebay.com>

Mark and Tyler,

  A Web Application Security WG was recently chartered at the W3C, and one of our work items is to advance towards recommendation a secure cross-origin messaging solution with CORS and UMP as "input documents".

  We would like to extend an invitation to you to join the WG or submit comments on our work, based on your historical contributions to and advocacy of UMP.

  At present, the plan of the WG is to advance CORS, with the understanding that UMP-style usages are possible as a subset of CORS behavior.  (http://www.w3.org/Security/wiki/Comparison_of_CORS_and_UMP)

  If you have objections to or concerns with this or wish to reopen the discussion on UMP as a distinct deliverable, please let us know at public-webappsec@w3.org<mailto:public-webappsec@w3.org> or join our call as indicated on the WG home page.  http://www.w3.org/2011/webappsec/Overview.html

Thank you,

Brad Hill
Co-Chair, WebAppSec WG

Received on Friday, 18 November 2011 22:55:18 UTC