W3C home > Mailing lists > Public > www-tag@w3.org > February 2011

Re: The Web Security Model (was: breakage and consistency of the Web platform)

From: Robin Berjon <robin@berjon.com>
Date: Wed, 9 Feb 2011 14:29:07 +0100
Cc: Anne van Kesteren <annevk@opera.com>, Karl Dubost <karld@opera.com>, "www-tag@w3.org WG" <www-tag@w3.org>
Message-Id: <655E864E-72EF-40D0-8340-03C2221398A1@berjon.com>
To: John Kemp <john@jkemp.net>
On Feb 9, 2011, at 14:04 , John Kemp wrote:
> At the TAG F2F meeting yesterday, I talked about "Security on the Web" (http://www.w3.org/2001/tag/2011/02/security-web.html), and my understanding is roughly that same as what Anne said above:
>>>> there is no real central definition of the "the web security model". It was mostly developed adhoc as the platform evolved.

I think that there's actually broad consensus about that.

> Security was not designed into the architecture, but various security features were developed in conjunction with the massive growth of Web technologies in general (where security came second to several other factors).

It was not designed into a lot of the original architecture, but it is being designed into today's work. But it's all based on lore and the hope that smart people will catch your mistakes.

> The security issues of the Web are more fundamental than what is currently captured by the various specifications and I agree that it would be nice to document these issues. 

So... TAG issue?

Robin Berjon - http://berjon.com/
Received on Wednesday, 9 February 2011 13:29:36 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 22:56:37 UTC