W3C home > Mailing lists > Public > public-webcrypto@w3.org > August 2012

crypto-ISSUE-26 (multi-origin access): Should key generation be allowed to specify multi-origin shared access [Web Cryptography API]

From: Web Cryptography Working Group Issue Tracker <sysbot+tracker@w3.org>
Date: Wed, 22 Aug 2012 19:43:00 +0000
Message-Id: <E1T4GpQ-0005zR-FX@tibor.w3.org>
To: public-webcrypto@w3.org
crypto-ISSUE-26 (multi-origin access): Should key generation be allowed to specify multi-origin shared access [Web Cryptography API]

http://www.w3.org/2012/webcrypto/track/issues/26

Raised by: Ryan Sleevi
On product: Web Cryptography API

The charter defines as "out of scope" as "access-control mechanisms beyond the enforcement of the same-origin policy"

However, it was initially proposed by David Dahl, that during key generation, an application may be permitted to specify alternative origins be allowed to access the same key material. For example, it might include a DOMString[] of authorized origins, for which, if the key is generated, they're permitted to access.

Additionally, there's outstanding question as to whether an origin, with access to a key, may be able to grant access to other origins proactively.
Received on Wednesday, 22 August 2012 19:43:01 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:01:25 UTC