- From: Thomas Roessler <tlr@w3.org>
- Date: Tue, 4 Mar 2008 18:34:26 +0100
- To: Web Security Context Working Group Issue Tracker <sysbot+tracker@w3.org>
- Cc: public-wsc-wg@w3.org
On 2008-02-05 17:27:06 +0000, Web Security Context Working Group Issue Tracker wrote: > ISSUE-182: We have lost the "secure page" definition [wsc-xit] > > http://www.w3.org/2006/WSC/track/issues/ > > Raised by: Thomas Roessler > On product: wsc-xit > > While merging in the rewritten TLS-related part, we seem to have > lost the secure page definition. The last version of this > definition is in the published working draft here: > > http://www.w3.org/TR/wsc-xit/#tlstosecurecontent > > Text: > > >>> > This section is normative. > > If a given Web page consists of a single resource only, then all > content that the user interacts with has security properties > derived from the HTTP transaction used to retrieve the content. > > [Definition: A Web page is called TLS-secured if the top-level > resource and all other resources that can affect or control the > page's content and presentation have been retrieved through > strongly TLS protected HTTP transactions.] > > This definition implies that inline images, stylesheets, script > content, and frame content for a secure page need to be retrieved > through strongly TLS protected HTTP tansactions in order for the > overall page to be considered TLS-secured. > >>> I have re-added this text after verifying that it's consistent with the definitions as updated by Stephen. Web Security Context: Experience, Indicators, and Trust Editor's Draft 4 March 2008 $Revision: 1.179 $ $Date: 2008/03/04 17:33:18 $ http://www.w3.org/2006/WSC/drafts/rec/rewrite.html#securepage As far as I'm concerned, we can close this issue. -- Thomas Roessler, W3C <tlr@w3.org>
Received on Tuesday, 4 March 2008 17:34:38 UTC