Re: Sub-domain granularity: the poverty of the domain name as the only hook for security


Hmmm. Thanks for the link. That document introduced sub-origins, which are arbitrary strings which a page can optionally declare itself to be part of. Although it says "..., suborigins will have the important property of being predictable, well-defined, and hierarchical," it isn't clear that they are in fact hierarchical at all in the sense that the path is.

It seems simpler and more powerful to just extend the current origin policy but introduce the '/' as well as the DNS '.' in the hierarchy of origins. 


On 2015-03-16, at 09:36, Anne van Kesteren <> wrote:

> On Mon, Mar 16, 2015 at 2:28 PM, Tim Berners-Lee <> wrote:
>> Similarly the Same Origin Policy in general is very hampering in that it
>> only works at the domain level, not at any path level. It would have been
>> not very much harder to set both of them up to work on subtrees within the
>> domain, and both would have been much more powerful and useful. I propose
>> they both be fixed in future.
> might be of interest. It's not exactly an easy problem to solve
> though.

Received on Monday, 16 March 2015 19:39:36 UTC