[webappsec] Rechartering: COWL

Rechartering Thread 12: COWL

Though not on our survey, Deian Stefan of Stanford introduced his COWL
proposal to the group at TPAC.


My nutshell summary is that COWL is an efficient and backwards-compatible
way to apply mandatory access controls using origin labels to webapp
information flows, opening very interesting new possibilities in mashups
and security reasoning about new features.

There was strong positive sentiment towards the proposal at TPAC.
Implementation requires a few new features as part of CSP, and
additionally, Deian would need to outline what a normative specification
would look like.  My call on the consensus so far is that if he is willing
to serve as an editor the group is interested in advancing the proposal.

Please reply to this thread with comments or objections, if you are
interested in serving as a co-editor, or have additional relevant input.

Thank you,

Brad Hill

Received on Monday, 10 November 2014 06:01:41 UTC