- From: Brad Hill <hillbrad@fb.com>
- Date: Mon, 10 Nov 2014 06:01:17 +0000
- To: Web Application Security Working Group <public-webappsec@w3.org>
Rechartering Thread 12: COWL Though not on our survey, Deian Stefan of Stanford introduced his COWL proposal to the group at TPAC. http://cowl.ws My nutshell summary is that COWL is an efficient and backwards compatible way to apply mandatory access controls using origin labels to webapp information flows, opening very interesting new possibilities in mashups and security reasoning about new features. There was strong positive sentiment towards the proposal at TPAC. Implementation requires a few new features as part of CSP, and additionally, Deian would need to outline what a normative specification would look like. My call on the consensus so far is that if he is willing to serve as an editor the group is interested in advancing the proposal. Please reply to this thread with comments or objections, if you are interested in serving as a co-editor, or have additional relevant input documents. Thank you, Brad Hill
Received on Monday, 10 November 2014 06:01:41 UTC