Re: ACTION-695: Check with Thomas Roessler on whether security review of CORS is coming up in W3C/IETF liaison

On 2012-09-11, at 09:20 -0400, Jonathan A Rees <rees@mumble.net> wrote:

> My Google search didn't find discussion of this report. Maybe it was never submitted to any WG.

The researchers raised individual issues with relevant WGs.  I don't have a complete view of how those got disposed of, but know that, in some cases, things were working as designed.

> If the TAG wants to talk about web app security this seems like it might be a great starting point.

I'll note that this report looked more at things like consistency between various specifications, but less at the architectural level.  From my perspective, it would be great if the TAG were to wrap its mind around the architectural changes to Web application security that we have seen over the last 10 years, and if the TAG were to work on developing a vision for that.

Received on Tuesday, 11 September 2012 14:13:51 UTC