
Re: Call for Consensus: Stop work and transition 3 Working Drafts to Working Group Notes

From: David Ross <drx@google.com>
Date: Mon, 18 Jul 2016 09:00:09 -0700
Message-ID: <CAMM+ux6Cw7T-ebqKF6rANjcbPfQba7_sidwrRZTTsL1ouOYqzA@mail.gmail.com>
To: Anne van Kesteren <annevk@annevk.nl>
Cc: Brad Hill <hillbrad@gmail.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>

The most frequently discussed are the objections around EPR's behavior
w.r.t. deep-linking.  That is, some nefarious content provider might find
EPR to be the most convenient way to block deep linking.  I wouldn't say
that this is a blocking issue per se, but with competing priorities it's
hard to fight for something where there's at least some active opposition.

I also see potential for lower-level isolation technologies to evolve and
provide EPR-like functionality.  (Things like Firefox Container Tabs,
https://blog.mozilla.org/tanvi/2016/06/16/contextual-identities-on-the-web/)

Dave

On Mon, Jul 18, 2016 at 12:30 AM, Anne van Kesteren <annevk@annevk.nl>
wrote:

> On Wed, Jul 13, 2016 at 8:42 PM, David Ross <drx@google.com> wrote:
> > In any case, EPR has been stalled for other reasons and I'm not going to
> > contest the proposed transition.  I just hope that it won't be too hard to
> > revive it as necessary in the future.
>
> Can you elaborate on the other reasons? Although I'm still a little
> concerned about the features EPR offers, having isolation against XSS
> and XSRF does seem like a necessary component to offer more low-level
> APIs to the web.
>
>
> --
> https://annevankesteren.nl/
>
Received on Monday, 18 July 2016 16:01:04 UTC
