W3C home > Mailing lists > Public > public-webappsec@w3.org > September 2015

Re: SOP wiki was: A Somewhat Critical View of SOP (Same Origin Policy)

From: Tony Arcieri <bascule@gmail.com>
Date: Tue, 29 Sep 2015 15:01:10 -0700
Message-ID: <CAHOTMVJ+NExKvGPJw_fooQbNdHZswk7i0WqEzv3eJ+ea37MycA@mail.gmail.com>
To: "Hodges, Jeff" <jeff.hodges@paypal.com>
Cc: "public-web-security@w3.org" <public-web-security@w3.org>, WebAppSec WG <public-webappsec@w3.org>
On Tue, Sep 29, 2015 at 2:24 PM, Hodges, Jeff <jeff.hodges@paypal.com>

> that is what is explained in
> http://identitymeme.org/http-cookie-processing-algorithm-etlds/

In the case of FIDO though, I am guessing these are just rules for scoping
App IDs, and both parties must "agree" (via JS running and contained via
SOP) on the common App ID to use, unlike cookies where the cookie recipient
has no power, only the cookie setter...

Tony Arcieri
Received on Tuesday, 29 September 2015 22:02:00 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:52 UTC