W3C home > Mailing lists > Public > public-web-security@w3.org > September 2015

Re: W3C Web Security IG - about SOP and web security model amendment

From: Anders Rundgren <anders.rundgren.net@gmail.com>
Date: Thu, 24 Sep 2015 16:00:04 +0200
To: GALINDO Virginie <Virginie.Galindo@gemalto.com>, "public-web-security@w3.org" <public-web-security@w3.org>
Message-ID: <560401E4.70302@gmail.com>
On 2015-09-24 11:23, GALINDO Virginie wrote:

Dear Virginie,

I have personally spent considerable time on write-ups like this one
which *indirectly* says that it is highly unlikely that there ever will be a
Hardware Security API in the browser except for SOP-compliant solutions like FIDO.
Is this the kind of information and level you are requesting?

For this particular issue I have numerous of times (yes, I am repeating myself...),
pointed in an entirely different direction but the only one who have responded
is Ryan Sleevi who didn't like it at all, although it actually builds on features
which were fairly recently introduced in Chrome.

Even the eID use-case which is a multi-billion-dollar-per-year business have
been dismissed as a bad thing which ASAP should be removed from the Web.

So, unless somebody comes up with an even more "brilliant" idea, I think we're
pretty stuck, including the coming HwSec and Web Payments WGs.

Anders Rundgren

> Dear all,
> The Web Security IG mailing list is dedicated to discuss and share information and views about the web security model. This is where the public can bring and discuss new work related to web security, which does not fall into the Web App Sec WG, or the Web Crypto WG.
> I encourage the promoters of the recent discussions on SOP and having a vision on an amended web security model to fill a wiki page, explaining problem and their idea of a solution here : https://www.w3.org/Security/wiki/IG/a_view_on_SOP
> I suggest that once that thread is written, structured and objected, then we can start again that conversation.
> Regards,
> Virginie
> Chair of the Web Security IG
> ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
> This message and any attachments are intended solely for the addressees and may contain confidential information. Any unauthorized use or disclosure, either whole or partial, is prohibited.
> E-mails are susceptible to alteration. Our company shall not be liable for the message if altered, changed or falsified. If you are not the intended recipient of this message, please delete it and notify the sender.
> Although all reasonable efforts have been made to keep this transmission free from viruses, the sender will not be liable for damages caused by a transmitted virus.
Received on Thursday, 24 September 2015 14:00:38 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:09:38 UTC