- From: Web Cryptography Working Group Issue Tracker <sysbot+tracker@w3.org>
- Date: Wed, 22 Aug 2012 19:43:00 +0000
- To: public-webcrypto@w3.org
crypto-ISSUE-26 (multi-origin access): Should key generation be allowed to specify multi-origin shared access [Web Cryptography API] http://www.w3.org/2012/webcrypto/track/issues/26 Raised by: Ryan Sleevi On product: Web Cryptography API The charter defines as "out of scope" as "access-control mechanisms beyond the enforcement of the same-origin policy" However, it was initially proposed by David Dahl, that during key generation, an application may be permitted to specify alternative origins be allowed to access the same key material. For example, it might include a DOMString[] of authorized origins, for which, if the key is generated, they're permitted to access. Additionally, there's outstanding question as to whether an origin, with access to a key, may be able to grant access to other origins proactively.
Received on Wednesday, 22 August 2012 19:43:01 UTC