IETF Logo Mail Archive

[websec] Principles of the Same-Origin Policy

Adam Barth <ietf@adambarth.com> Mon, 21 February 2011 22:10 UTC

Return-Path: <ietf@adambarth.com>
X-Original-To: websec@core3.amsl.com
Delivered-To: websec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id D21D73A7186 for <websec@core3.amsl.com>; Mon, 21 Feb 2011 14:10:20 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.828
X-Spam-Level:
X-Spam-Status: No, score=-2.828 tagged_above=-999 required=5 tests=[AWL=0.149, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id I25DadwOQcg5 for <websec@core3.amsl.com>; Mon, 21 Feb 2011 14:10:20 -0800 (PST)
Received: from mail-wy0-f172.google.com (mail-wy0-f172.google.com [74.125.82.172]) by core3.amsl.com (Postfix) with ESMTP id E74573A7153 for <websec@ietf.org>; Mon, 21 Feb 2011 14:10:19 -0800 (PST)
Received: by wyb42 with SMTP id 42so763443wyb.31 for <websec@ietf.org>; Mon, 21 Feb 2011 14:11:02 -0800 (PST)
Received: by 10.216.173.82 with SMTP id u60mr1627292wel.0.1298326260229; Mon, 21 Feb 2011 14:11:00 -0800 (PST)
Received: from mail-iy0-f172.google.com (mail-iy0-f172.google.com [209.85.210.172]) by mx.google.com with ESMTPS id c54sm2311193wer.30.2011.02.21.14.10.58 (version=SSLv3 cipher=OTHER); Mon, 21 Feb 2011 14:10:59 -0800 (PST)
Received: by iyj8 with SMTP id 8so1146225iyj.31 for <websec@ietf.org>; Mon, 21 Feb 2011 14:10:57 -0800 (PST)
Received: by 10.231.174.12 with SMTP id r12mr1066030ibz.155.1298326257060; Mon, 21 Feb 2011 14:10:57 -0800 (PST)
MIME-Version: 1.0
Received: by 10.231.215.67 with HTTP; Mon, 21 Feb 2011 14:10:27 -0800 (PST)
From: Adam Barth <ietf@adambarth.com>
Date: Mon, 21 Feb 2011 14:10:27 -0800
Message-ID: <AANLkTi=nCJSC2ZpY6R_NPJUjODAgiYcRSZTaSxWr8+Fz@mail.gmail.com>
To: websec <websec@ietf.org>
Content-Type: text/plain; charset="ISO-8859-1"
Subject: [websec] Principles of the Same-Origin Policy
X-BeenThere: websec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Web Application Security Minus Authentication and Transport <websec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/websec>, <mailto:websec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/websec>
List-Post: <mailto:websec@ietf.org>
List-Help: <mailto:websec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/websec>, <mailto:websec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Feb 2011 22:10:20 -0000

Pursuant to the charter, I've posted an informational draft that
"describes the same-origin security model overall:"

http://www.ietf.org/id/draft-abarth-principles-of-origin-00.txt

I don't expect this document to be very controversial.  I'm sure folks
will nitpick me over renaming URL to URI and MIME types to media
types, however.  :)

Feedback welcome.

Adam

v2.43.4 | Report a Bug | By Email | System Status