W3C home > Mailing lists > Public > public-web-security@w3.org > January 2011

wrt coming up with unified frameworks (was: Re: XSS mitigation in browsers)

From: =JeffH <Jeff.Hodges@KingsMountain.com>
Date: Thu, 20 Jan 2011 16:43:39 -0800
Message-ID: <4D38D6BB.5080501@KingsMountain.com>
To: W3C Web Security Interest Group <public-web-security@w3.org>
 > I honestly think we should be putting a lot more emphasis of
 > understanding actual use cases in complex environments for any
 > security mechanisms proposed; coming up with unified frameworks,
 > rather than disjointed solutions for small subsets of problems


The latter is what AndyS and I've been agitating for, of late. And is what this 
nascent WebAppSec WG is supposed to get to working on.

ThomasR indicates that they are still searching for (co-)chair(s) for it, in 
case anyone is interested. There's several folks who have said they intend to 
contribute to specifications (myself amongst them).

As one of the first steps, it'd be great to see the CSP spec presented in W3C 
Note format, please let me know if I can help make that happen.

Received on Friday, 21 January 2011 00:44:10 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:09:25 UTC