- From: Anne van Kesteren <annevk@opera.com>
- Date: Thu, 03 Feb 2011 15:48:03 +0100
- To: Nathan <nathan@webr3.org>
- Cc: "Karl Dubost" <karld@opera.com>, "www-tag@w3.org WG" <www-tag@w3.org>
On Wed, 02 Feb 2011 21:12:52 +0100, Nathan <nathan@webr3.org> wrote: > Anne van Kesteren wrote: >> Fundamentally changing the essentials of the web security model is >> like hoping XHTML 2.0 or Cookie2 will succeed. It will not happen >> unless everything changes. > > Can you send me a link to "the web security model" please, somehow I've > managed never to see that spec or any definition of it. (embarrassing!) > > I'd certainly be interested in reading all about why Cookies and > stateful HTTP usage are good for security and to be adopted heavily, > whilst reading the comments in a publicly available javascript embedded > from a "cross-origin" is big security concern to be prevented at all > costs. Should be a great read and very enlightening. > > Thanks much for pointing it out, I am pretty sure you are being sarcastic, but there is no real central definition of the "the web security model". It was mostly developed adhoc as the platform evolved. http://tools.ietf.org/html/draft-ietf-websec-origin which came from the HTML5 work defines an important part of it. -- Anne van Kesteren http://annevankesteren.nl/
Received on Thursday, 3 February 2011 14:48:38 UTC