Re: breakage and consistency of the Web platform

From: Anne van Kesteren <annevk@opera.com>
Date: Thu, 03 Feb 2011 15:48:03 +0100
To: Nathan <nathan@webr3.org>
Cc: "Karl Dubost" <karld@opera.com>, "www-tag@w3.org WG" <www-tag@w3.org>
Message-ID: <op.vqb0qdkr64w2qv@anne-van-kesterens-macbook-pro.local>
On Wed, 02 Feb 2011 21:12:52 +0100, Nathan <nathan@webr3.org> wrote:
> Anne van Kesteren wrote:
>>  Fundamentally changing the essentials of the web security model is  
>> like hoping XHTML 2.0 or Cookie2 will succeed. It will not happen  
>> unless everything changes.
>
> Can you send me a link to "the web security model" please, somehow I've  
> managed never to see that spec or any definition of it. (embarrassing!)
>
> I'd certainly be interested in reading all about why Cookies and  
> stateful HTTP usage are good for security and to be adopted heavily,  
> whilst reading the comments in a publicly available javascript embedded  
> from a "cross-origin" is a big security concern to be prevented at all  
> costs. Should be a great read and very enlightening.
>
> Thanks much for pointing it out,

I am pretty sure you are being sarcastic, but there is no real central  
definition of "the web security model". It was mostly developed ad hoc  
as the platform evolved.  
http://tools.ietf.org/html/draft-ietf-websec-origin which came from the  
HTML5 work defines an important part of it.


-- 
Anne van Kesteren
http://annevankesteren.nl/
Received on Thursday, 3 February 2011 14:48:38 GMT