
[MIX] Language improvement for authenticated origin definition

From: Mark Watson <watsonm@netflix.com>
Date: Tue, 18 Nov 2014 08:04:49 -0800
Message-ID: <CAEnTvdDb6RSkbbcJ12f+fsibbfJT2AGBKU4Sk4pVmHn4Xpiqyw@mail.gmail.com>
To: "public-webappsec@w3.org" <public-webappsec@w3.org>
All,

I find the definition in terms of can X "use powerful features?"
problematic, because the term "powerful features" is undefined and also a
matter of case-by-case judgement on the part of the responsible working
groups.

It may also be the case that different "powerful features" choose to use
slightly different definitions. For example, Chrome's implementation of
WebCrypto works only if the Document's origin is authenticated, whereas it's
been proposed that for EME any such restrictions be based on the origin of
the top-level browsing context.

One could also see this procedure as a kind of backwards *definition* of
"powerful features", i.e. "Powerful Features are those features that may
only be used if the following procedure returns "Allowed".", and then my
comments are that it may not be only for this group to create such a
definition.

It would be better if the procedure were renamed in more concrete terms:
"Is Document's origin authenticated?" or "Is Document potentially
trusted?" etc.

...Mark
Received on Tuesday, 18 November 2014 16:05:16 UTC
