W3C home > Mailing lists > Public > public-webappsec@w3.org > November 2014

Re: [webappsec] Rechartering: Sub-Origins

From: Michal Zalewski <lcamtuf@coredump.cx>
Date: Mon, 10 Nov 2014 11:31:47 -0800
Message-ID: <CALx_OUBW7ZROFZ1=ZjktP3M63ZShHDtw4qWCQ_NOOo3CFyBh3A@mail.gmail.com>
To: David Bruant <bruant.d@gmail.com>
Cc: Brad Hill <hillbrad@gmail.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>, "Mark S. Miller" <erights@google.com>
The basic reasoning behind suborigins is to provide a very simple,
intuitive, and low-cost way to compartmentalize applications, reason
about the compartmentalization, and test it with automated tools.

If I understand it correctly, your critique is that suborigins are a
bad idea because application compartmentalization can be achieved with
a bit more work with existing tools. But I think this applies to most
other mechanisms: we also do not strictly require CSP or referer
directives or most of the other security work. Almost all of its is
driven by the desire to just make things simpler, more intuitive, less
likely to fail, and easier to audit for.

We're definitely acutely aware of Caja and similar solutions and have
spent years trying to convince product teams to use it in a variety of
settings :-) I *think* that suborigins will strictly improve status
quo and has a chance of working out, but of course, no promises.


/mz
Received on Monday, 10 November 2014 19:32:36 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:07 UTC