W3C home > Mailing lists > Public > public-webappsec@w3.org > September 2015

Re: A Somewhat Critical View of SOP (Same Origin Policy)

From: Anders Rundgren <anders.rundgren.net@gmail.com>
Date: Thu, 24 Sep 2015 08:27:18 +0200
To: Brad Hill <hillbrad@gmail.com>, Alex Russell <slightlyoff@google.com>
Cc: public-web-security@w3.org, Tony Arcieri <bascule@gmail.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>, Rigo Wenning <rigo@w3.org>
Message-ID: <560397C6.8060205@gmail.com>
Would it be possible taking a step back and return to the question which
unfortunately created this tornado of moderately entertaining e-mails?

https://lists.w3.org/Archives/Public/public-webappsec/2015Sep/0166.html

Since payment resources regardless if they reside in the browser, platform,
or in the cloud do not have any a priori relation with merchants it seems
that SOP isn't really applicable to Web Payments?

It would be great if the yet to be launched Web Payment WG which is supposed
to produce a Browser Payment API in the coming 6-18 months got some input in
advance on this matter from the Web Architecture community.

- Anders
Received on Thursday, 24 September 2015 06:28:47 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:15 UTC