crypto-ISSUE-26 (multi-origin access): Should key generation be allowed to specify multi-origin shared access [Web Cryptography API] from Web Cryptography Working Group Issue Tracker on 2012-08-22 (public-webcrypto@w3.org from August 2012)

From: Web Cryptography Working Group Issue Tracker <sysbot+tracker@w3.org>
Date: Wed, 22 Aug 2012 19:43:00 +0000
To: public-webcrypto@w3.org
Message-Id: <E1T4GpQ-0005zR-FX@tibor.w3.org>

crypto-ISSUE-26 (multi-origin access): Should key generation be allowed to specify multi-origin shared access [Web Cryptography API]

http://www.w3.org/2012/webcrypto/track/issues/26

Raised by: Ryan Sleevi
On product: Web Cryptography API

The charter defines as "out of scope" as "access-control mechanisms beyond the enforcement of the same-origin policy"

However, it was initially proposed by David Dahl, that during key generation, an application may be permitted to specify alternative origins be allowed to access the same key material. For example, it might include a DOMString[] of authorized origins, for which, if the key is generated, they're permitted to access.

Additionally, there's outstanding question as to whether an origin, with access to a key, may be able to grant access to other origins proactively.

Received on Wednesday, 22 August 2012 19:43:01 UTC