[docs-and-reports] Who is assumed to have access to first and delegated party assets? (#19) from Erik Taubeneck via GitHub on 2022-10-21 (public-patcg@w3.org from October 2022)

From: Erik Taubeneck via GitHub <sysbot+gh@w3.org>
Date: Fri, 21 Oct 2022 19:39:55 +0000
To: public-patcg@w3.org
Message-ID: <issues.opened-1418780320-1666381193-sysbot+gh@w3.org>

eriktaubeneck has just created a new issue for https://github.com/patcg/docs-and-reports:

== Who is assumed to have access to first and delegated party assets? ==
> I know that this is unchanged, but I'm going to open an issue about this one.  I find this a little unclear as presented here.
>
> Is this all first and third parties?  I think that - for threat model purposes - we might assume that this is indeed all information from all sites, but that might be a little over-broad.
> 
> Also, I'd like to see us talk about sites rather than parties.  Even if we need to acknowledge that apps are not web sites, they should follow roughly similar rules when it comes to their composition.

_Originally posted by @martinthomson in https://github.com/patcg/docs-and-reports/pull/14#discussion_r1001241148_


Please view or discuss this issue at https://github.com/patcg/docs-and-reports/issues/19 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Friday, 21 October 2022 19:39:57 UTC