Re: What is Microsoft's intent with XDR vis-à-vis W3C? [Was: Re: IE Team's Proposal for Cross Site Requests]

On 2008-04-14 08:07:10 -0700, Jon Ferraiolo wrote:

> On the architecture side, Access Control is just plain wrong,
> with the PEP on the client instead of the server, which requires
> data to be sent along the pipe to the client, where the client is
> trusted to discard the data if the user isn't allowed to see the
> data; it is just plain architecturally wrong to transmit data
> that is not meant to be seen. 

This seems to confuse the attacker model a bit.  It's not about the
user not being permitted to see the data, it's about a web
application from a different origin not being allowed to manipulate
the data, even though the user is allowed to see the data.

See this message:
  http://lists.w3.org/Archives/Public/public-appformats/2008Jan/0290.html
... for a more detailed discussion of that topic, and some links.

Regards,
-- 
Thomas Roessler, W3C  <tlr@w3.org>

Received on Monday, 14 April 2008 15:22:31 UTC