- From: Deian Stefan <deian@cs.stanford.edu>
- Date: Sun, 08 Feb 2015 19:26:29 -0800
- To: Devdatta Akhawe <dev.akhawe@gmail.com>
- Cc: Martin Thomson <martin.thomson@gmail.com>, Brad Hill <hillbrad@gmail.com>, Jeffrey Yasskin <jyasskin@google.com>, Mike West <mkwst@google.com>, Wendy Seltzer <wseltzer@w3.org>, David Ross <drx@google.com>, Dan Veditz <dveditz@mozilla.com>, Mounir Lamouri <mlamouri@google.com>, David Baron <dbaron@dbaron.org>, Anne van Kesteren <annevk@annevk.nl>, "public-webappsec@w3.org" <public-webappsec@w3.org>

Hi Dev,

Devdatta Akhawe <dev.akhawe@gmail.com> writes:

> The paragraph on "robust confinement mechanism" doesn't seem as
> concrete a deliverable as most other things in the charter. What
> exactly are we planning to do? DIFC or DC labels in a browser?

I was trying to use language similar to the other deliverables, but I'm happy to expand and clarify further. The plan is to provide APIs for specifying policy in terms of (DC) labels and extend browsing contexts with labels (and APIs for changing this label). The context label dictates with whom the context can communicate, for example, by mapping the label to an underlying CSP policy and sandbox-flags and checking labels when sending messages.

An alternative (to DIFC) way of thinking about this is in terms of CSP: when communicating with a party, COWL ensures that the target's CSP is at least as restricting as the sender's.

> I think the second paragraph on light-weight workers is a clear
> deliverable and will be difficult enough. With that, a large part of
> the goals of the first paragraph on confinement can be achieved in an
> extensible manner, imo.

I think that the light-weight worker deliverable is pretty straightforward. And it can also be separate from the first part. I do think that different components can be defined modularly as you suggest. But, it is not enough to just define the workers to do confinement. (I am not sure if that's what you meant by "With that".)

Thanks,
Deian

Received on Monday, 9 February 2015 03:26:57 UTC
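
The label check described in the message above, as an added example that is not part of the original email and is not the COWL API. It assumes DC-style labels (a conjunction of disjunctions of origins) and models "at least as restricting" as logical implication; all function names, the context objects and the sample origins are hypothetical.

```javascript
// Added illustration, not the COWL API: every name here is hypothetical.
// A label is a conjunction (array) of clauses; each clause is a
// disjunction (Set) of origins. The empty label means "public".
const A = "https://a.example"; // constructed sample origins
const B = "https://b.example";

function label(...clauses) {
  return clauses.map((c) => new Set(Array.isArray(c) ? c : [c]));
}

const isSubset = (small, big) => [...small].every((p) => big.has(p));

// l1 implies l2 when each clause of l2 is weakened from some clause of l1.
function implies(l1, l2) {
  return l2.every((c2) => l1.some((c1) => isSubset(c1, c2)));
}

// Data may flow only to a target at least as restrictive as the sender.
function canFlowTo(senderLabel, targetLabel) {
  return implies(targetLabel, senderLabel);
}

// Assumed form of "changing the label": a context may only add clauses,
// i.e. become more restrictive, never less.
function raiseLabel(ctx, extra) {
  ctx.label = [...ctx.label, ...extra];
}

// Label check performed at send time; a refused message is not queued.
function guardedSend(sender, target, message) {
  if (!canFlowTo(sender.label, target.label)) return false;
  target.inbox.push(message);
  return true;
}

function demo() {
  const mashup = { label: label(), inbox: [] };        // public context
  const bank = { label: label(A), inbox: [] };         // holds A's data
  const results = [];
  results.push(guardedSend(bank, mashup, "balance"));  // false: would leak A's data
  results.push(guardedSend(mashup, bank, "hello"));    // true: public may flow up
  raiseLabel(mashup, label(A));                        // mashup opts in to A's data
  results.push(guardedSend(bank, mashup, "balance"));  // true: labels now match
  raiseLabel(mashup, label(B));                        // mashup also reads B's data
  results.push(guardedSend(mashup, bank, "summary"));  // false: bank lacks B
  return results;
}
```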