- From: Nathan <nathan@webr3.org>
- Date: Thu, 03 Jun 2010 17:48:28 +0100
- To: Tim Berners-Lee <timbl@w3.org>
- CC: Noah Mendelsohn <nrm@arcanedomain.com>, "www-tag@w3.org" <www-tag@w3.org>, John Kemp <john@jkemp.net>
Tim Berners-Lee wrote:
> On 2010-06-02, at 15:58, Nathan wrote:
>
>> Does this in any way tie in with what John Kemp is working on with CORS/UMP etc?
>>
>> On reflection it seems a bit odd a spec is being made that allows sites to transfer personal information to each other, but doesn't give any control to the user over what they want to send to those sites.
>
> Yes. I think it does connect. The CORS system allows a site to say "When you access this data, we the publishers trust you to run scripts from xx.yy.com domain on it". The publisher has control of the fate of the data - sounds reasonable except it ignores the possibility of the user knowing that the scripts are safe.
>
> In the copy ambush example, I sympathize with Paul Libbrecht (and Jonas Sicking) when he says "...the only way out is to give the user the choice".
>
> So a user may decide to trust -- well to allow, on balance -- the scripts from a given domain, while they will have advantages and disadvantages. So the browser has to build up a list of user-trusted script sites?
>
> Tim

Long term I'd love to see signed javascript widgets on the client-side (so trust is implicit and opted in to by the user, like when we 'install' an application).

Short term is there really any way around this? Sites could still proxy the request, even if not using XHR they could load any remote element with GET params into the DOM and pass info that way..

The only 'real' way I can see to address this, is to get each user to verify every single HTTP request after document.onload has fired, in combination with CORS on the server side (would still need a UMP style 'Uniform-Headers' addition though [1]), and perhaps further in combination with a trusted domain/script list approach - likelihood of that happening..?

[1] http://dev.w3.org/2006/waf/UMP/#response-header-filtering

Best,

Nathan

Received on Thursday, 3 June 2010 16:49:34 UTC