W3C home > Mailing lists > Public > public-webappsec@w3.org > October 2014

Re: [MIX] Is origin an authenticated origin?

From: Anne van Kesteren <annevk@annevk.nl>
Date: Tue, 28 Oct 2014 17:05:06 +0100
Message-ID: <CADnb78jJ_YrGH5Md8Ufx7H-TOaY_xySMxTVFsYR=Jc-Yoa90zQ@mail.gmail.com>
To: Mike West <mkwst@google.com>
Cc: WebAppSec WG <public-webappsec@w3.org>
On Thu, Oct 23, 2014 at 5:06 PM, Anne van Kesteren <annevk@annevk.nl> wrote:
> So I guess whether something is weakly authenticated should first be
> exposed on a response. And then propagated by the navigate and run a
> worker algorithms somehow for environment settings objects.

I would prefer not using http://www.w3.org/TR/wsc-ui/ as a building
block since it's not actively maintained. I think for now I'll just
define a "TLS state" field which is "protected", "deprecated", or
"none" and leave it up to implementers to pick between "protected" and
"deprecated" (that seems to be current best practice :/) and then
Mixed Content and co can build upon that.

Received on Tuesday, 28 October 2014 16:05:34 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:41 UTC