W3C home > Mailing lists > Public > whatwg@whatwg.org > June 2006

[whatwg] "secure" attribute in Storage section of WA spec

From: Gervase Markham <gerv@mozilla.org>
Date: Mon, 26 Jun 2006 12:56:20 +0100
Message-ID: <449FCB64.2020000@mozilla.org>
The Web Applications 1.0 spec says:

> 5.7.3. The StorageItem interface
> 
> Items in Storage objects are represented by objects implementing the
> StorageItem interface.
> 
> interface StorageItem {
>            attribute boolean secure;
>            attribute DOMString value;
> };

I would like to suggest the the "secure" attribute be an integer rather
than a boolean, initially with 0 meaning insecure, and 1 meaning secure.

The reason is that the CA industry and the browser manufacturers,
through the CA/Browser forum, are currently working on a more
stringently validated type of certificate ("EV" certs, for "extended
validation"). These would require applicants to reveal much more
information about themselves, and have it verified more carefully (e.g.
by a site visit). If and when such a certificate exists, UA
implementations may wish to differentiate between the two, and add an
extra value for these ("2").

So, for example, you could have StorageItems which were only returned if
the page on the site was secured with a new EV cert, and was not
accessible to pages which had an ordinary cert or no cert.

Does this make sense?

Gerv
Received on Monday, 26 June 2006 04:56:20 UTC

This archive was generated by hypermail 2.3.1 : Monday, 13 April 2015 23:08:28 UTC