ISSUE-144: Do we need to specify mixed content in more detail? [wsc-xit]

ISSUE-144: Do we need to specify mixed content in more detail? [wsc-xit]

http://www.w3.org/2006/WSC/track/issues/

Raised by: Thomas Roessler
On product: wsc-xit

In 5.4, we currently say:

<QUOTE> 

[Definition: A Web page is called TLS-secured if the top-level resource and all other resources that can affect or control the page's content and presentation have been retrieved through strongly TLS protected HTTP transactions.]

This definition implies that inline images, stylesheets, script content, and frame content for a secure page need to be retrieved through strongly TLS protected HTTP tansactions in order for the overall page to be considered TLS-secured.
</QUOTE>

I wonder whether we need to specify in more detail what this means for certain content types.  E.g., how do multiple layers of stylesheets interact with the notion of a TLS-secured page? Is this really the ultimate wisdom on framesets?  And so on.  Put briefly, I think this needs some more review and discussion.

Received on Monday, 17 December 2007 10:31:28 UTC