W3C home > Mailing lists > Public > public-web-security@w3.org > September 2015

RE: [+SPAM+]: Re: W3C Web Security IG - about SOP and web security model amendment

From: GALINDO Virginie <Virginie.Galindo@gemalto.com>
Date: Thu, 24 Sep 2015 14:07:25 +0000
To: Anders Rundgren <anders.rundgren.net@gmail.com>, "public-web-security@w3.org" <public-web-security@w3.org>
Message-ID: <540E99C53248CE468F6F7702588ABA2A0115B186BF@A1GTOEMBXV005.gto.a3c.atos.net>
Anders,

I think what we need is not *indirect words*, neither history, nor conclusion saying we are stuck, but positive contribution here : https://www.w3.org/Security/wiki/IG/a_view_on_SOP

For the sake of the debate , Anders, thanks for trying to keep the plan which is
(1) write down problem and possible technical direction in the wiki and
(2) debate once the wiki is stable on this mailing list

Regards,
Virginie
Chair of the Web security IG


-----Original Message-----
From: Anders Rundgren [mailto:anders.rundgren.net@gmail.com]
Sent: jeudi 24 septembre 2015 16:00
To: GALINDO Virginie; public-web-security@w3.org
Subject: [+SPAM+]: Re: W3C Web Security IG - about SOP and web security model amendment

On 2015-09-24 11:23, GALINDO Virginie wrote:

Dear Virginie,

I have personally spent considerable time on write-ups like this one http://webpki.org/papers/permissions.pdf
which *indirectly* says that it is highly unlikely that there ever will be a Hardware Security API in the browser except for SOP-compliant solutions like FIDO.
Is this the kind of information and level you are requesting?

For this particular issue I have numerous of times (yes, I am repeating myself...), pointed in an entirely different direction but the only one who have responded is Ryan Sleevi who didn't like it at all, although it actually builds on features which were fairly recently introduced in Chrome.

Even the eID use-case which is a multi-billion-dollar-per-year business have been dismissed as a bad thing which ASAP should be removed from the Web.

So, unless somebody comes up with an even more "brilliant" idea, I think we're pretty stuck, including the coming HwSec and Web Payments WGs.

Regards,
Anders Rundgren
non-member



> Dear all,
>
> The Web Security IG mailing list is dedicated to discuss and share information and views about the web security model. This is where the public can bring and discuss new work related to web security, which does not fall into the Web App Sec WG, or the Web Crypto WG.
>
> I encourage the promoters of the recent discussions on SOP and having
> a vision on an amended web security model to fill a wiki page,
> explaining problem and their idea of a solution here :
> https://www.w3.org/Security/wiki/IG/a_view_on_SOP
>
> I suggest that once that thread is written, structured and objected, then we can start again that conversation.
>
> Regards,
>
> Virginie
>
> Chair of the Web Security IG
>
> ----------------------------------------------------------------------
> ----------------------------------------------------------------------
> ----------------------------------------------------------------------
> ----------------------------------------------------------------------
> ----------------------------------------------------------------------
> ----------------------------------------------------------------------
> ----------------------------------------------------------------------
> ----------------------------------------------------------------------
> ----------------------------------------------------------------------
> ----------------------------------------------------------------------
> ----------------------------------------------------------------------
> ----------------------------------------------------------------------
> ----------------------------------------------------------------------
> ----------------------------------------------------------------------
> ---------- This message and any attachments are intended solely for
> the addressees and may contain confidential information. Any unauthorized use or disclosure, either whole or partial, is prohibited.
> E-mails are susceptible to alteration. Our company shall not be liable for the message if altered, changed or falsified. If you are not the intended recipient of this message, please delete it and notify the sender.
> Although all reasonable efforts have been made to keep this transmission free from viruses, the sender will not be liable for damages caused by a transmitted virus.

________________________________
 This message and any attachments are intended solely for the addressees and may contain confidential information. Any unauthorized use or disclosure, either whole or partial, is prohibited.
E-mails are susceptible to alteration. Our company shall not be liable for the message if altered, changed or falsified. If you are not the intended recipient of this message, please delete it and notify the sender.
Although all reasonable efforts have been made to keep this transmission free from viruses, the sender will not be liable for damages caused by a transmitted virus.
Received on Thursday, 24 September 2015 14:07:55 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:09:38 UTC