
Re: Sub-domain granularity: the poverty of the domain name as the only hook for security

From: Tim Berners-Lee <timbl@w3.org>
Date: Mon, 16 Mar 2015 15:39:34 -0400
Cc: Public TAG List <www-tag@w3.org>, Mark Nottingham <mnot@mnot.net>
Message-Id: <0AF32D90-EF31-4F41-A7E5-AE6C06724562@w3.org>
To: Anne van Kesteren <annevk@annevk.nl>

Anne

Hmmm.  Thanks for the link. That document introduced sub-origins which are arbitrary strings which a page can optionally declare itself to be part of.   Although it says "..., suborigins will have the important property of being predictable, well-defined, and hierarchical," it isn't clear that they are in fact hierarchical at all in the sense that the path is.

It seems simpler and more powerful to just extend the current origin policy but introduce the '/' as well as the DNS '.' in the hierarchy of origins. 

Tim

On 2015-03-16, at 09:36, Anne van Kesteren <annevk@annevk.nl> wrote:

> On Mon, Mar 16, 2015 at 2:28 PM, Tim Berners-Lee <timbl@w3.org> wrote:
>> Similarly the Same Origin Policy in general is very hampering and in that it
>> only works at the domain level not at any path level.   It would have been
>> not very much harder to set both of them up to work on subtrees within the
>> domain, and both would have been much more powerful and useful.  I propose
>> they both be fixed in future.
> 
> https://www.chromium.org/developers/design-documents/per-page-suborigins
> might be of interest. It's not exactly an easy problem to solve
> though.
> 
> 
> -- 
> https://annevankesteren.nl/
> 


Received on Monday, 16 March 2015 19:39:36 UTC
