W3C home > Mailing lists > Public > public-wsc-wg@w3.org > February 2008

ISSUE-182: We have lost the "secure page" definition [wsc-xit]

From: Web Security Context Working Group Issue Tracker <sysbot+tracker@w3.org>
Date: Tue, 5 Feb 2008 17:27:06 +0000 (GMT)
To: public-wsc-wg@w3.org
Message-Id: <20080205172706.709386B5E9@tibor.w3.org>


ISSUE-182: We have lost the "secure page" definition [wsc-xit]

http://www.w3.org/2006/WSC/track/issues/

Raised by: Thomas Roessler
On product: wsc-xit

While merging in the rewritten TLS-related part, we seem to have lost the secure page definition. The last version of this definition is in the published working draft here:

  http://www.w3.org/TR/wsc-xit/#tlstosecurecontent

Text:

>>>
This section is normative.

If a given Web page consists of a single resource only, then all content that the user interacts with has security properties derived from the HTTP transaction used to retrieve the content.

[Definition: A Web page is called TLS-secured if the top-level resource and all other resources that can affect or control the page's content and presentation have been retrieved through strongly TLS protected HTTP transactions.]

This definition implies that inline images, stylesheets, script content, and frame content for a secure page need to be retrieved through strongly TLS protected HTTP tansactions in order for the overall page to be considered TLS-secured.
>>>
Received on Tuesday, 5 February 2008 17:27:13 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 5 February 2008 17:27:13 GMT