<hat=individual> In the end, like so much of security, this is going to boil down to economics and incentives. We should take it as a given that we are not going to solve everybody's problem and create a perfect security utopia for advertising. What we can do is create primitives that allow those on the supply-side who care to offer reasonable security guarantees without having to turn away too much demand. >From my perspective, the easiest way to accommodate that demand-side feature pressure is not a bunch of fine-grained feature flags, but prioritizing a model that can be easily integrated into the *authoring tools* for advertising creative content, so that it is clear to agencies what will work and how they can build stuff that will be supported in a "secure" ad placement. -Brad On Mon Feb 09 2015 at 4:29:49 AM Jim Manico <jim.manico@owasp.org> wrote: > > It would be great > to hear from you and others about why it is unrealistic now. > > If you want to get premium-level compensation from some ad providers > then you need to give them full DOM access. This "goes away" in a > world where ads are fully sandboxed or not allowed DOM access. > > I am just wondering is the end game to shut this down or perhaps > provide a more flexible sandbox? I am hoping a flexible sandbox is the > end game. > > If there is a configurable ad-friendly web standard for DOM accessible > advertising, please point me in the direction. > > Aloha, > -- > Jim Manico > @Manicode > (808) 652-3805 > > > On Feb 9, 2015, at 12:55 PM, Mike West <mkwst@google.com> wrote: > > > > It would be great > > to hear from you and others about why it is unrealistic now. > >
Received on Monday, 9 February 2015 18:49:46 UTC