The Web Security Model (was: breakage and consistency of the Web platform)

On Feb 3, 2011, at 15:48 , Anne van Kesteren wrote:
> I am pretty sure you are being sarcastic, but there is no real central definition of "the web security model". It was mostly developed ad hoc as the platform evolved. http://tools.ietf.org/html/draft-ietf-websec-origin which came from the HTML5 work defines an important part of it.

The more time passes and the more questions I get about this, the more I'm convinced that not having this written up is a problem. Perhaps not a pressing problem, but one nevertheless. Most if not all of the pieces are actually available, but there's no document that says "for the definitive story, go read this and that, and here are the missing bits". It would be way exaggerated to state that this is security in obscurity, but it would certainly benefit from clarity.

This is an architectural issue that requires documenting. Who you gonna call?

-- 
Robin Berjon - http://berjon.com/

Received on Wednesday, 9 February 2011 12:41:36 UTC