Re: [webappsec] Rechartering: COWL

Brad Hill <> writes:

> Rechartering Thread 12: COWL
> Though not on our survey, Deian Stefan of Stanford introduced his COWL
> proposal to the group at TPAC.
> My nutshell summary is that COWL is an efficient and backwards compatible
> way to apply mandatory access controls using origin labels to webapp
> information flows, opening very interesting new possibilities in mashups
> and security reasoning about new features.
> There was strong positive sentiment towards the proposal at TPAC.
> Implementation requires a few new features as part of CSP, and
> additionally, Deian would need to outline what a normative specification
> would look like.  My call on the consensus so far is that if he is willing
> to serve as an editor the group is interested in advancing the proposal.
> Please reply to this thread with comments or objections, if you are
> interested in serving as a co-editor, or have additional relevant input
> documents.

I would love to serve as an editor and will start on the normative spec
outline this week.



Received on Monday, 10 November 2014 06:38:17 UTC