IETF Logo Mail Archive

[websec] Last Call: <draft-ietf-websec-origin-04.txt> (The Web Origin Concept) to Proposed Standard

The IESG <iesg-secretary@ietf.org> Tue, 23 August 2011 21:19 UTC

Return-Path: <iesg-secretary@ietf.org>
X-Original-To: websec@ietfa.amsl.com
Delivered-To: websec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1356321F8D7B; Tue, 23 Aug 2011 14:19:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.535
X-Spam-Level:
X-Spam-Status: No, score=-102.535 tagged_above=-999 required=5 tests=[AWL=0.064, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6-aUs1Fn9Zn5; Tue, 23 Aug 2011 14:19:53 -0700 (PDT)
Received: from ietfa.amsl.com (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A3A1521F8B35; Tue, 23 Aug 2011 14:19:53 -0700 (PDT)
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 3.59
Message-ID: <20110823211953.14482.9265.idtracker@ietfa.amsl.com>
Date: Tue, 23 Aug 2011 14:19:53 -0700
Cc: websec@ietf.org
Subject: [websec] Last Call: <draft-ietf-websec-origin-04.txt> (The Web Origin Concept) to Proposed Standard
X-BeenThere: websec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: ietf@ietf.org
List-Id: Web Application Security Minus Authentication and Transport <websec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/websec>, <mailto:websec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/websec>
List-Post: <mailto:websec@ietf.org>
List-Help: <mailto:websec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/websec>, <mailto:websec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 23 Aug 2011 21:19:54 -0000

The IESG has received a request from the Web Security WG (websec) to
consider the following document:
- 'The Web Origin Concept'
  <draft-ietf-websec-origin-04.txt> as a Proposed Standard

The IESG plans to make a decision in the next few weeks, and solicits
final comments on this action. Please send substantive comments to the
ietf@ietf.org mailing lists by 2011-09-06. Exceptionally, comments may be
sent to iesg@ietf.org instead. In either case, please retain the
beginning of the Subject line to allow automated sorting.

Abstract


   This document defines the concept of an "origin", which is often used
   as the scope of authority or privilege by user agents.  Typically,
   user agents isolate content retrieved from different origins to
   prevent malicious web site operators from interfering with the
   operation of benign web sites.  In addition to outlining the
   principles that underlie the concept of origin, this document defines
   how to determine the origin of a URI, how to serialize an origin into
   a string, and an HTTP header, named "Origin", that indicates which
   origins are associated with an HTTP request.




The file can be obtained via
http://datatracker.ietf.org/doc/draft-ietf-websec-origin/

IESG discussion can be tracked via
http://datatracker.ietf.org/doc/draft-ietf-websec-origin/


No IPR declarations have been submitted directly on this I-D.

v2.23.0 | Report a Bug | By Email