[whatwg] origin+path namespacing and security

On Fri, 28 Aug 2009, Mike Wilson wrote:
> 
> My chain of thoughts is something like below (this is just a general 
> picture so don't take it too literally):
> 
> - invent a more restrictive mechanism for script access
>   between documents from the same origin ("host") so it 
>   can be limited based on a base path
> - this mechanism needs a way to specify the blessed path,
>   maybe something along the lines of document.domain or a
>   response header
> - the default blessed path should probably be as
>   permissive as today to not break existing content on
>   the Web (though maybe some smart algorithm may be
>   developed that adds some restrictions)
> - if new browsers implement this mechanism, it means it
>   will be possible to secure all new HTML5 features
>   implemented at the same time or later, as authors can
>   depend on that, if a browser has feature X, then it also
>   has path-based security
> - old browsers will still ignore the new path-based
>   restrictions, but they will not have the new HTML5
>   features so these cannot be exploited
> - cookies will still be exploitable in old browsers and
>   for legacy content, but as old browsers are phased out
>   application authors can more and more depend on cookies
>   also being "safe" based on configured path security

It's definitely too late to take on anything this radical in the HTML5 
time frame. I would recommend building experiments on these lines, 
publishing papers and getting peer review, and so on, to see what could be 
done in the long term.

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'

Received on Wednesday, 2 September 2009 14:43:29 UTC