Re: [w3ctag/design-reviews] Standardizing Security Semantics of Cross-Site Cookies (Issue #904)

@torgo thanks for taking a look. This will be a Note because the normative content will have to land in HTML / Fetch and the Cookies RFC. We're trying to resolve a chicken-and-egg problem here where we want to build consensus early for informing the [cookie layering](https://github.com/httpwg/http-extensions/issues/2084) architecture, but in order to do this we have to produce a consensus-driven document. A Note seems like a good compromise (and some of the content also fits better in a non-normative format, such as general API design advice).

We did some early discussions in Privacy CG but moved to discussing in WebAppSec given that this is mostly about security. We've gotten positive verbal sentiment from browser reps in the meetings (except for the `SameSite=Lax` standardization feedback I've explained above).

-- 
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/design-reviews/issues/904#issuecomment-1766112891

Message ID: <w3ctag/design-reviews/issues/904/1766112891@github.com>

Received on Tuesday, 17 October 2023 10:17:34 UTC