[presentation-api] Define security requirements for messaging channel between secure origins from Mark Foltz via GitHub on 2015-04-24 (public-secondscreen@w3.org from April 2015)

From: Mark Foltz via GitHub <sysbot+gh@w3.org>
Date: Fri, 24 Apr 2015 23:19:19 +0000
To: public-secondscreen@w3.org
Message-ID: <issues.opened-70819078-1429917558-sysbot+gh@w3.org>

mfoltzgoogle has just created a new issue for 
https://github.com/w3c/presentation-api:

== Define security requirements for messaging channel between secure 
origins ==
While discussing the [Hbb 2.0 TV 
standard](http://www.digitaltveurope.net/320392/hbbtv-2-0-specification-announced/),
 the issue of how WebSockets would be used to communicate between the 
controlling Web application and the presenting TV Web application.

If these Web applications are provided on secure (`https://`) origins,
 some guarantees of message confidentiality and authenticity of either
 party should be made to meet the standards set out by the [Mixed 
Content 
proposal](https://w3c.github.io/webappsec/specs/mixedcontent/).

This issue will be addressed by a spec change to spell out the 
security requirements for the messaging channel as part of the 
Security and Privacy sections of the spec.

Source thread:  
https://lists.w3.org/Archives/Public/public-secondscreen/2015Apr/0055.html

See https://github.com/w3c/presentation-api/issues/80

Received on Friday, 24 April 2015 23:19:20 UTC