W3C home > Mailing lists > Public > public-webappsec@w3.org > September 2015

Re: A Somewhat Critical View of SOP (Same Origin Policy)

From: Anders Rundgren <anders.rundgren.net@gmail.com>
Date: Wed, 23 Sep 2015 17:18:48 +0200
To: Harry Halpin <hhalpin@w3.org>, Alex Russell <slightlyoff@google.com>
Cc: public-web-security@w3.org, Tony Arcieri <bascule@gmail.com>, Brad Hill <hillbrad@gmail.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>, Rigo Wenning <rigo@w3.org>
Message-ID: <5602C2D8.8030408@gmail.com>
On 2015-09-23 15:57, Harry Halpin wrote:
> On 09/23/2015 03:42 AM, Anders Rundgren wrote:
>> In my opinion the #1 problem with this discussion is that when you
>> mention things that doesn't match the SOP vision like the fact that Android-,
>> Apple-, and Samsung-Pay doesn't work on the Web, dead silence is all you get.

> <ad hominem attacks>
 > </ad hominem attacks>

> In particular, it is likely more productive for various non-SOP schemes
> to find a way to adopt to SOP in a principled manner and so maintain
> security and privacy properties. Payment schemes, identity schemes, and
> the rest should and can do this.

This topic has never been discussed in for example:
http://www.w3.org/Payments/IG/

Maybe Jeff should take down the flag
http://www.w3.org/2015/01/banker_payments.pdf
before it gets too embarrassing?

Anders
Received on Wednesday, 23 September 2015 15:19:31 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:15 UTC