On Wed, 02 Feb 2011 21:12:52 +0100, Nathan <nathan@webr3.org> wrote: > Anne van Kesteren wrote: >> Fundamentally changing the essentials of the web security model is >> like hoping XHTML 2.0 or Cookie2 will succeed. It will not happen >> unless everything changes. > > Can you send me a link to "the web security model" please, somehow I've > managed never to see that spec or any definition of it. (embarrassing!) > > I'd certainly be interested in reading all about why Cookies and > stateful HTTP usage are good for security and to be adopted heavily, > whilst reading the comments in a publicly available javascript embedded > from a "cross-origin" is big security concern to be prevented at all > costs. Should be a great read and very enlightening. > > Thanks much for pointing it out, I am pretty sure you are being sarcastic, but there is no real central definition of the "the web security model". It was mostly developed adhoc as the platform evolved. http://tools.ietf.org/html/draft-ietf-websec-origin which came from the HTML5 work defines an important part of it. -- Anne van Kesteren http://annevankesteren.nl/Received on Thursday, 3 February 2011 14:48:38 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 26 April 2012 12:48:30 GMT