- From: Chris Needham <notifications@github.com>
- Date: Wed, 18 Oct 2017 00:27:34 -0700
- To: httpslocal/usecases <usecases@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Wednesday, 18 October 2017 07:28:20 UTC
chrisn commented on this pull request. > @@ -8,6 +8,18 @@ For details and further discussion, please refer to [the corresponding issue in GitHub](https://github.com/httpslocal/usecases/issues/7). Any proposals for addition, clarification and improvement are absolutely welcome. +## Security Infrastructure + +- W3C Web Application Security WG + - [Secure Contexts](https://w3c.github.io/webappsec-secure-contexts/): + defines “secure contexts”, which user agent implementers and specification authors + to allow minimum features of which authentication and confidentiality are met. + - [Mixed Context](https://w3c.github.io/webappsec-mixed-content/): + describes how a user agent should handle fetching of content over unencrypted or + unauthenticated connections in the context of an encrypted and authenticated document. + - [Cross-Origin Resource Sharing](https://www.w3.org/TR/cors/) (CORS): Note that there is a [proposal](https://lists.w3.org/Archives/Public/public-webappsec/2017Jul/0008.html) to mark the CORS spec as obsolete. I suggest also adding a reference to the [Fetch Living Standard](https://fetch.spec.whatwg.org/) to the list of relevant specs. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/httpslocal/usecases/pull/12#pullrequestreview-70117007
Received on Wednesday, 18 October 2017 07:28:20 UTC