ISSUE-67: What is the Security Model for the access-control spec?

ac-security-model

What is the Security Model for the access-control spec?

State:
CLOSED
Product:
CORS
Raised by:
Arthur Barstow
Opened on:
2008-01-15
Description:
The AC4CSR spec is missing a description of its Security Model. For example, what is the threat model for attacks such as CSRF, XSS, etc.

This issue was raised by the WSC WG during its joint f2f meeting with the WAF WG on 5 November 2007:

<http://www.w3.org/2007/11/05-waf-minutes.html#item09>

It has also been a subject of discussion within e-mail exchanges on the public-appformats mail list:

<http://lists.w3.org/Archives/Public/public-appformats/>
Related Actions Items:
No related actions
Related emails:
No related emails

Related notes:

Moved to Issue #11 in the Web Application WG's Issues database:
<http://www.w3.org/2008/webapps/track/issues/11>

23 Jun 2008, 19:44:51

Display change log ATOM feed

Arthur Barstow <art.barstow@nokia.com>, Charles McCathieNevile <chaals@opera.com>, Chairs, Doug Schepers <schepers@w3.org>, Staff Contact
Tracker: documentation, (configuration for this group), originally developed by Dean Jackson, is developed and maintained by the Systems Team <w3t-sys@w3.org>.
$Id: index.php,v 1.287 2012/02/01 05:29:12 dom Exp $