W3C home > Mailing lists > Public > public-webapi@w3.org > April 2008

Re: What is Microsoft's intent with XDR vis--vis W3C? [Was: Re: IE Team's Proposal for Cross Site Requests]

From: Thomas Roessler <tlr@w3.org>
Date: Mon, 14 Apr 2008 17:21:50 +0200
To: Jon Ferraiolo <jferrai@us.ibm.com>
Cc: "Close, Tyler J." <tyler.close@hp.com>, Chris Wilson <Chris.Wilson@microsoft.com>, David Ross <dross@windows.microsoft.com>, Doug Stamper <dstamper@exchange.microsoft.com>, Eric Lawrence <ericlaw@exchange.microsoft.com>, Gideon Cohn <gidco@windows.microsoft.com>, Ian Hickson <ian@hixie.ch>, Jonas Sicking <jonas@sicking.cc>, Laurens Holst <lholst@students.cs.uu.nl>, Marc Silbey <marcsil@windows.microsoft.com>, Maciej Stachowiak <mjs@apple.com>, Nikhil Kothari <nikhilko@microsoft.com>, "public-appformats@w3.org" <public-appformats@w3.org>, "Web API WG (public)" <public-webapi@w3.org>, public-webapi-request@w3.org, Sharath Udupa <Sharath.Udupa@microsoft.com>, Sunava Dutta <sunavad@windows.microsoft.com>, Zhenbin Xu <zhenbinx@windows.microsoft.com>
Message-ID: <20080414152150.GQ345@iCoaster.does-not-exist.org>

On 2008-04-14 08:07:10 -0700, Jon Ferraiolo wrote:

> On the architecture side, Access Control is just plain wrong,
> with the PEP on the client instead of the server, which requires
> data to be sent along the pipe to the client, where the client is
> trusted to discard the data if the user isn't allowed to see the
> data; it is just plain architecturally wrong to transmit data
> that is not meant to be seen. 

This seems to confuse the attacker model a bit.  It's not about the
user not being permitted to see the data, it's about a web
application from a different origin not being allowed to manipulate
the data, even though the user is allowed to see the data.

See this message:
... for a more detailed discussion of that topic, and some links.

Thomas Roessler, W3C  <tlr@w3.org>
Received on Monday, 14 April 2008 15:22:31 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:10:00 UTC