IETF Logo Mail Archive

Re: [websec] Principles of the Same-Origin Policy

Peter Saint-Andre <stpeter@stpeter.im> Thu, 24 February 2011 21:22 UTC

Return-Path: <stpeter@stpeter.im>
X-Original-To: websec@core3.amsl.com
Delivered-To: websec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 07B733A6832 for <websec@core3.amsl.com>; Thu, 24 Feb 2011 13:22:00 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.641
X-Spam-Level:
X-Spam-Status: No, score=-102.641 tagged_above=-999 required=5 tests=[AWL=-0.042, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ff24V-Et5TiM for <websec@core3.amsl.com>; Thu, 24 Feb 2011 13:21:56 -0800 (PST)
Received: from stpeter.im (stpeter.im [207.210.219.233]) by core3.amsl.com (Postfix) with ESMTP id 697A83A6807 for <websec@ietf.org>; Thu, 24 Feb 2011 13:21:56 -0800 (PST)
Received: from dhcp-64-101-72-185.cisco.com (dhcp-64-101-72-185.cisco.com [64.101.72.185]) (Authenticated sender: stpeter) by stpeter.im (Postfix) with ESMTPSA id 93FF24011B for <websec@ietf.org>; Thu, 24 Feb 2011 14:41:38 -0700 (MST)
Message-ID: <4D66CC25.6070202@stpeter.im>
Date: Thu, 24 Feb 2011 14:22:45 -0700
From: Peter Saint-Andre <stpeter@stpeter.im>
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.2.13) Gecko/20101207 Thunderbird/3.1.7
MIME-Version: 1.0
To: websec@ietf.org
References: <AANLkTi=nCJSC2ZpY6R_NPJUjODAgiYcRSZTaSxWr8+Fz@mail.gmail.com>
In-Reply-To: <AANLkTi=nCJSC2ZpY6R_NPJUjODAgiYcRSZTaSxWr8+Fz@mail.gmail.com>
X-Enigmail-Version: 1.1.1
OpenPGP: url=http://www.saint-andre.com/me/stpeter.asc
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha1"; boundary="------------ms040209060904040006010408"
Subject: Re: [websec] Principles of the Same-Origin Policy
X-BeenThere: websec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Web Application Security Minus Authentication and Transport <websec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/websec>, <mailto:websec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/websec>
List-Post: <mailto:websec@ietf.org>
List-Help: <mailto:websec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/websec>, <mailto:websec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 24 Feb 2011 21:22:00 -0000

On 2/21/11 3:10 PM, Adam Barth wrote:
> Pursuant to the charter, I've posted an informational draft that
> "describes the same-origin security model overall:"
> 
> http://www.ietf.org/id/draft-abarth-principles-of-origin-00.txt
> 
> I don't expect this document to be very controversial.  I'm sure folks
> will nitpick me over renaming URL to URI and MIME types to media
> types, however.  :)

Adam, what do you see as the relationship or division of work between
draft-ietf-websec-origin and draft-abarth-principles-of-origin?

Peter

-- 
Peter Saint-Andre
https://stpeter.im/

v2.43.4 | Report a Bug | By Email | System Status