- From: Mountie Lee <mountie@paygate.net>
- Date: Mon, 17 Mar 2014 09:56:34 +0900
- To: Anne van Kesteren <annevk@annevk.nl>
- Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>
- Message-ID: <CAE-+aY+dxPFSgkAR2v-ymRp6W1dtwrH9jfeim0vm6BAb5zqhzw@mail.gmail.com>
Hi.

let me add more details on the reason I suggested it.

as we know, some local resources are bound to a specific origin.
also we have possible solutions for cross-origin communications like CORS, postMessage, structured cloning and JSON.

the requirement was initiated from a discussion in the Web Crypto WG.
in the WG, cryptography technologies are discussed and the most important part of the spec is the KEY (encryption key, decryption key....) for crypto operations.

the key is also bound to a specific origin.
the key can be cloned/extracted and posted to different window of domain.
but the key owner will lose key control after posting.

my suggestion is to keep the resource control.

regards
mountie

On Sun, Mar 16, 2014 at 3:24 PM, Anne van Kesteren <annevk@annevk.nl> wrote:

> On Wed, Mar 5, 2014 at 12:38 AM, Mountie Lee <mountie@paygate.net> wrote:
> > Hi. let me propose "Access-Control-Allow-Local" to CORS.
>
> Again, it's not clear how this makes sense. You'd have more
> creditability if you actually followed up to the previous email thread
> you started on the matter:
>
> http://lists.w3.org/Archives/Public/public-webappsec/2014Feb/thread.html#msg33
>
>
> --
> http://annevankesteren.nl/
>

--
Mountie Lee
PayGate CTO, CISSP
Tel : +82 2 2140 2700
E-Mail : mountie@paygate.net

=======================================
PayGate Inc.
THE STANDARD FOR ONLINE PAYMENT
for Korea, Japan, China, and the World

Received on Monday, 17 March 2014 00:57:19 UTC