Isolated Origins from Emily Stark on 2017-04-25 (public-webappsec@w3.org from April 2017)

From: Emily Stark <estark@google.com>
Date: Tue, 25 Apr 2017 14:52:31 -0700
To: "public-webappsec@w3.org" <public-webappsec@w3.org>
Cc: Mike West <mkwst@google.com>, Charlie Reis <creis@google.com>, David Ross <drx@google.com>, Tanvi Vyas <tanvi@mozilla.com>
Message-ID: <CAPP_2Sb82f=ktQ92pAChzTJ=TxCz1a2-odybjuBhbbW0oOSRGQ@mail.gmail.com>

On the last call, I mentioned that I would send out an "Isolate-Me" draft.
This is a proposal for a mechanism by which an origin can opt in to isolate
itself from other web content -- probably most useful for high-value
security-critical applications that are willing to give up some
functionality for such isolation.

Please take a look at this faint ghost of a spec that aims to explain the
threat model more and nail down what these isolation mechanisms are:
https://wicg.github.io/isolation/index.html

Any comments or feedback, either here or in the GitHub repo, would be very
welcome.

David Ross (cc'ed) might also want to share some thinking he's done about
alternative shapes for the part of the proposal that deals with navigation
restrictions.

Thanks!
Emily

Received on Tuesday, 25 April 2017 21:53:24 UTC