- From: Mountie Lee <mountie@paygate.net>
- Date: Thu, 9 May 2013 10:43:05 +0900
- To: Anne van Kesteren <annevk@annevk.nl>
- Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>
Received on Thursday, 9 May 2013 01:43:52 UTC
in the WebCrypto WG, WebCrypto API specification follow same-origin security policy for cryptography key. the cryptography key which will be symmetric or asymmetric key is currently origin-specific and stored in local indexDB of UA. but by considering UseCases of EU (eID..) or Korea (National Certificate) we need cross-origin operation. I think, if "Access-Control-Allow-Origin" header has the list of URLs, the origin-specific local keys can be shared on the URLs of CORS header. does it make sense? regards mountie. On Thu, May 9, 2013 at 10:04 AM, Anne van Kesteren <annevk@annevk.nl> wrote: > On Wed, May 8, 2013 at 5:58 PM, Mountie Lee <mountie@paygate.net> wrote: > > Hi. > > currently CORS is for remote resources. > > > > can we expand CORS header for local resources (origin-specific local > > resources)? > > > > if origin-A want resource-A can be used in origin-B, > > origin-B can be added to CORS header. > > > > is this scenario acceptable? > > You'll have to elaborate a bit. > > > -- > http://annevankesteren.nl/ > -- Mountie Lee PayGate CTO, CISSP Tel : +82 2 2140 2700 E-Mail : mountie@paygate.net ======================================= PayGate Inc. THE STANDARD FOR ONLINE PAYMENT for Korea, Japan, China, and the World
Received on Thursday, 9 May 2013 01:43:52 UTC