W3C home > Mailing lists > Public > public-webappsec@w3.org > April 2017

Isolated Origins

From: Emily Stark <estark@google.com>
Date: Tue, 25 Apr 2017 14:52:31 -0700
Message-ID: <CAPP_2Sb82f=ktQ92pAChzTJ=TxCz1a2-odybjuBhbbW0oOSRGQ@mail.gmail.com>
To: "public-webappsec@w3.org" <public-webappsec@w3.org>
Cc: Mike West <mkwst@google.com>, Charlie Reis <creis@google.com>, David Ross <drx@google.com>, Tanvi Vyas <tanvi@mozilla.com>
On the last call, I mentioned that I would send out an "Isolate-Me" draft.
This is a proposal for a mechanism by which an origin can opt in to isolate
itself from other web content -- probably most useful for high-value
security-critical applications that are willing to give up some
functionality for such isolation.

Please take a look at this faint ghost of a spec that aims to explain the
threat model more and nail down what these isolation mechanisms are:
https://wicg.github.io/isolation/index.html

Any comments or feedback, either here or in the GitHub repo, would be very
welcome.

David Ross (cc'ed) might also want to share some thinking he's done about
alternative shapes for the part of the proposal that deals with navigation
restrictions.

Thanks!
Emily
Received on Tuesday, 25 April 2017 21:53:24 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:22 UTC