ISSUE-11: What is the Security Model for the access-control spec?

security-model

What is the Security Model for the access-control spec?

State:
CLOSED
Product:
HISTORICAL: CORS [this spec uses Bugzilla for Bug/Issue tracking http://tinyurl.com/Bugz-CORS]
Raised by:
Arthur Barstow
Opened on:
2008-06-23
Description:
[[ This issue was created on 2008-01-15 as Issue #21 in the Web Applications Formats (WAF) WG and is copied in totality to the Web Applications WG's Issues database:
<http://www.w3.org/2005/06/tracker/waf/issues/21> ]]

The AC4CSR spec is missing a description of its Security Model. For example, what is the threat model for attacks such as CSRF, XSS, etc.

This issue was raised by the WSC WG during its joint f2f meeting with the WAF WG on 5 November 2007:

<http://www.w3.org/2007/11/05-waf-minutes.html#item09>

It has also been a subject of discussion within e-mail exchanges on the public-appformats mail list:

<http://lists.w3.org/Archives/Public/public-appformats/>

Related Actions Items:
No related actions
Related emails:
  1. Re: proposal: add input/keyboard locale to text and keyboard events [ISSUE-119] (from aharon@google.com on 2010-12-05)
  2. RE: proposal: add input/keyboard locale to text and keyboard events [ISSUE-119] (from jrossi@microsoft.com on 2010-12-02)
  3. Re: proposal: add input/keyboard locale to text and keyboard events [ISSUE-119] (from aharon@google.com on 2010-12-02)
  4. Re: proposal: add input/keyboard locale to text and keyboard events [ISSUE-119] (from chuck@jumis.com on 2010-12-01)
  5. Re: proposal: add input/keyboard locale to text and keyboard events [ISSUE-119] (from jrossi@microsoft.com on 2010-12-01)
  6. [access-control] Proposal to Close Issue#11 - What is the Security Model for the access-control spec? (from art.barstow@nokia.com on 2008-10-09)
  7. [access-control] Issue list (from annevk@opera.com on 2008-07-08)
  8. ISSUE-11 (security-model): What is the Security Model for the access-control spec? [Access Control] (from sysbot+tracker@w3.org on 2008-06-23)

Related notes:

Closed. See http://lists.w3.org/Archives/Public/public-webapps/2008OctDec/0072.html

Arthur Barstow, 21 Oct 2008, 16:03:01

Display change log ATOM feed

Chair, Staff Contact
Tracker: documentation, (configuration for this group), originally developed by Dean Jackson, is developed and maintained by the Systems Team <w3t-sys@w3.org>.
$Id: 11.html,v 1.1 2016/01/25 10:26:13 carine Exp $