Re: A Somewhat Critical View of SOP (Same Origin Policy)

From: Rigo Wenning <rigo@w3.org>
Date: Sat, 26 Sep 2015 12:11:16 +0200
To: Siva Narendra <siva@tyfone.com>
Cc: anders.rundgren.net@gmail.com, Henry Story <henry.story@co-operating.systems>, Brad Hill <hillbrad@gmail.com>, Mike O'Neill <michael.oneill@baycloud.com>, Tony Arcieri <bascule@gmail.com>, public-webappsec@w3.org, "public-web-security@w3.org" <public-web-security@w3.org>
Message-ID: <1809028.btIJY1ari4@hegel>

Siva, 

I see your point. But it is an obvious one in the current discussion. Brad was 
just very helpful for me to understand where we are, where we see conflicts 
and where we can have synergies. 

What remains a challenge for the EMV/CAC credentials is the scoping with 
respect to the Web architecture. I have some solutions on my mind and I 
already talked to Virginie, but I have to work them out before being able to 
present them. In the meantime, I must admit that this task is not the only one 
I have, so we stretched the time to work it out a bit. 

And of course we have to look into the results of the WebCryptoNext Workshop. 

 --Rigo

On Wednesday 23 September 2015 6:47:46 Siva Narendra wrote:
> Rigo. I think it will be useful to look at the minutes of the last W3C web
> crypto workshop and the voting results.
> 
> FIDO has its place but it is not the only framework for the web. Web
> standards ought to consider a more inclusive framework and not just be a FIDO
> shop. That was in summary the outcome of the workshop.
> 
> Consider this - For NIST Level 4 auth, FIDO applet can run on a smartcard
> but so can other applets such as EMV/EMV tokenization or CAC/CAC derived
> credentials - these may or most likely may not be FIDO centric.
> 
> Smartcard standards (the only globally universal hardware security
> standard) doesn't pick a favorite and is generic enough. Web standards
> shouldn't either and can be made generic enough.

Received on Saturday, 26 September 2015 10:11:41 UTC
