Re: A Somewhat Critical View of SOP (Same Origin Policy) from Tony Arcieri on 2015-09-14 (public-webappsec@w3.org from September 2015)

From: Tony Arcieri <bascule@gmail.com>
Date: Mon, 14 Sep 2015 08:43:20 -0700
To: Rigo Wenning <rigo@w3.org>
Cc: "public-web-security@w3.org" <public-web-security@w3.org>, "Mike O'Neill" <michael.oneill@baycloud.com>, Anders Rundgren <anders.rundgren.net@gmail.com>, public-webappsec@w3.org
Message-ID: <CAHOTMVLgeBSAZmQXNGgnv93t6XJrS8X1Lw+s_ondxpbRonUzYA@mail.gmail.com>

On Mon, Sep 14, 2015 at 4:57 AM, Rigo Wenning <rigo@w3.org> wrote:

> Coming on with the SOP as a drop dead argument against hardware security


SOP doesn't work with PKCS#11-style APIs. FIDO shows what's possible with
hardware tokens that respect the SOP, though.

-- 
Tony Arcieri

Received on Monday, 14 September 2015 15:44:09 UTC