ISSUE-26: Should key generation be allowed to specify multi-origin shared access

multi-origin access

Should key generation be allowed to specify multi-origin shared access

State:
CLOSED
Product:
key definition for Web Crypto API
Raised by:
Ryan Sleevi
Opened on:
2012-08-22
Description:
The charter defines as "out of scope" as "access-control mechanisms beyond the enforcement of the same-origin policy"

However, it was initially proposed by David Dahl, that during key generation, an application may be permitted to specify alternative origins be allowed to access the same key material. For example, it might include a DOMString[] of authorized origins, for which, if the key is generated, they're permitted to access.

Additionally, there's outstanding question as to whether an origin, with access to a key, may be able to grant access to other origins proactively.
Related Actions Items:
No related actions
Related emails:
  1. Re: ISSUE-26 is expecting proposal or will be postponed (from sleevi@google.com on 2013-05-08)
  2. Re: ISSUE-26 is expecting proposal or will be postponed (from Nick.Van.den.Bleeken@inventivegroup.com on 2013-05-08)
  3. Re: ISSUE-9 [was Re: ISSUE-30: Key import/export?] (from hhalpin@w3.org on 2013-03-04)
  4. Re: ISSUE-9 [was Re: ISSUE-30: Key import/export?] (from watsonm@netflix.com on 2013-03-04)
  5. Re: ISSUE-9 [was Re: ISSUE-30: Key import/export?] (from hhalpin@w3.org on 2013-03-04)
  6. Re: ISSUE-9 [was Re: ISSUE-30: Key import/export?] (from watsonm@netflix.com on 2013-03-04)
  7. ISSUE-9 [was Re: ISSUE-30: Key import/export?] (from hhalpin@w3.org on 2013-03-04)
  8. Re: ISSUE-19 is expecting proposal or will be postponed (from rbarnes@bbn.com on 2013-02-27)
  9. Re: ISSUE-26 is expecting proposal or will be postponed (from rbarnes@bbn.com on 2013-02-27)
  10. Re: PROPOSAL: Close ISSUE-26 - Should key generation be allowed to specify multi-origin shared access (from mountie.lee@mw2.or.kr on 2013-02-26)
  11. Re: ISSUE-30: Key import/export? (from mountie.lee@mw2.or.kr on 2013-02-26)
  12. Re: PROPOSAL: Close ISSUE-26 - Should key generation be allowed to specify multi-origin shared access (from sleevi@google.com on 2013-02-25)
  13. Re: ISSUE-30: Key import/export? (from sleevi@google.com on 2013-02-25)
  14. Re: ISSUE-30: Key import/export? (from sleevi@google.com on 2013-02-25)
  15. ISSUE-30: Key import/export? (from hhalpin@w3.org on 2013-02-25)
  16. ISSUE-19 is expecting proposal or will be postponed (from Virginie.GALINDO@gemalto.com on 2013-02-25)
  17. ISSUE-26 is expecting proposal or will be postponed (from Virginie.GALINDO@gemalto.com on 2013-02-25)
  18. W3C Web Crypto WG - classifying issues (from Virginie.GALINDO@gemalto.com on 2013-02-18)
  19. PROPOSAL: CLOSE ISSUE-40: How should we define key discovery, noting asynchronicity (from Virginie.GALINDO@gemalto.com on 2013-02-11)
  20. Re: PROPOSAL: Move ISSUE-40: How should we define key discovery, noting asynchronicity ( was Re: W3C Web Crypto WG - classifying issues ) (from watsonm@netflix.com on 2013-02-11)
  21. Re: W3C Web Crypto WG - classifying issues (from sleevi@google.com on 2013-02-07)
  22. Re: PROPOSAL: Move ISSUE-40: How should we define key discovery, noting asynchronicity ( was Re: W3C Web Crypto WG - classifying issues ) (from sleevi@google.com on 2013-02-07)
  23. Re: PROPOSAL: Move Issue-25: How do we provision a globally unique ID (was Re: W3C Web Crypto WG - classifying issues) (from sleevi@google.com on 2013-02-07)
  24. PROPOSAL: ??? ISSUE-24: Defining a synchronous API (was Re: W3C Web Crypto WG - classifying issues) (from sleevi@google.com on 2013-02-07)
  25. PROPOSAL: Move Issue-25: How do we provision a globally unique ID (was Re: W3C Web Crypto WG - classifying issues) (from sleevi@google.com on 2013-02-07)
  26. PROPOSAL: Postpone ISSUE-26: Should key generation be allowed to specify multi-origin access (was Re: W3C Web Crypto WG - classifying issues) (from sleevi@google.com on 2013-02-07)
  27. PROPOSAL: Move ISSUE-30: How does the application know where the key is stored? (was Re: W3C Web Crypto WG - classifying issues) (from sleevi@google.com on 2013-02-07)
  28. PROPOSAL: Postpone ISSUE-34: Representation of Certificates (was Re: W3C Web Crypto WG - classifying issues) (from sleevi@google.com on 2013-02-07)
  29. PROPOSAL: Move ISSUE-40: How should we define key discovery, noting asynchronicity ( was Re: W3C Web Crypto WG - classifying issues ) (from sleevi@google.com on 2013-02-07)
  30. RE: PROPOSAL: Close ISSUE-26 - Should key generation be allowed to specify multi-origin shared access (from Virginie.GALINDO@gemalto.com on 2013-02-07)
  31. W3C Web Crypto WG - classifying issues (from Virginie.GALINDO@gemalto.com on 2013-02-07)
  32. Re: W3C Web Crypto WG - agenda for our call today @ 20:00 UTC (from watsonm@netflix.com on 2013-02-04)
  33. RE: W3C Web Crypto WG - agenda for our call today @ 20:00 UTC (from Asad.Ali@gemalto.com on 2013-02-04)
  34. Re: W3C Web Crypto WG - agenda for our call today @ 20:00 UTC (from S.Durbha@cablelabs.com on 2013-02-04)
  35. W3C Web Crypto WG - agenda for our call today @ 20:00 UTC (from Virginie.GALINDO@gemalto.com on 2013-02-04)
  36. Re: PROPOSAL: Close ISSUE-26 - Should key generation be allowed to specify multi-origin shared access (from mountie.lee@mw2.or.kr on 2013-02-02)
  37. Re: PROPOSAL: Close ISSUE-26 - Should key generation be allowed to specify multi-origin shared access (from mountie.lee@mw2.or.kr on 2013-02-01)
  38. Re: PROPOSAL: Close ISSUE-26 - Should key generation be allowed to specify multi-origin shared access (from sleevi@google.com on 2013-01-31)
  39. PROPOSAL: Close ISSUE-26 - Should key generation be allowed to specify multi-origin shared access (from sleevi@google.com on 2013-01-31)
  40. Re: Privacy Interest Group to review Web Crypto API - a draft (from hhalpin@w3.org on 2012-09-24)
  41. Re: Privacy Interest Group to review Web Crypto API - a draft (from sleevi@google.com on 2012-09-20)
  42. RE: New Editor's Draft Published (from karen.lu@gemalto.com on 2012-09-04)
  43. Re: crypto-ISSUE-17: Define the scope and API for custom key attributes [Web Cryptography API] (from sleevi@google.com on 2012-08-31)
  44. New Editor's Draft Published (from sleevi@google.com on 2012-08-31)
  45. Re: crypto-ISSUE-17: Define the scope and API for custom key attributes [Web Cryptography API] (from sleevi@google.com on 2012-08-27)
  46. Re: [W3C Web Crypto WG] - Comments on Draft API v21 (from sleevi@google.com on 2012-08-27)
  47. [W3C Web Crypto WG] - Comments on Draft API v21 (from Asad.Ali@gemalto.com on 2012-08-27)
  48. W3C Web Crypto WG - agenda for 27th of august call - today (from Virginie.GALINDO@gemalto.com on 2012-08-27)
  49. Re: crypto-ISSUE-26 (multi-origin access): Should key generation be allowed to specify multi-origin shared access [Web Cryptography API] (from channy@mozilla.or.kr on 2012-08-26)
  50. Re: crypto-ISSUE-26 (multi-origin access): Should key generation be allowed to specify multi-origin shared access [Web Cryptography API] (from wtc@google.com on 2012-08-24)
  51. Re: crypto-ISSUE-26 (multi-origin access): Should key generation be allowed to specify multi-origin shared access [Web Cryptography API] (from mountie.lee@mw2.or.kr on 2012-08-24)
  52. Re: crypto-ISSUE-26 (multi-origin access): Should key generation be allowed to specify multi-origin shared access [Web Cryptography API] (from ddahl@mozilla.com on 2012-08-23)
  53. Re: crypto-ISSUE-26 (multi-origin access): Should key generation be allowed to specify multi-origin shared access [Web Cryptography API] (from ddahl@mozilla.com on 2012-08-23)
  54. Re: crypto-ISSUE-26 (multi-origin access): Should key generation be allowed to specify multi-origin shared access [Web Cryptography API] (from S.Durbha@cablelabs.com on 2012-08-23)
  55. Re: crypto-ISSUE-26 (multi-origin access): Should key generation be allowed to specify multi-origin shared access [Web Cryptography API] (from mountie.lee@mw2.or.kr on 2012-08-23)
  56. Re: crypto-ISSUE-26 (multi-origin access): Should key generation be allowed to specify multi-origin shared access [Web Cryptography API] (from mountie.lee@mw2.or.kr on 2012-08-23)
  57. Re: crypto-ISSUE-26 (multi-origin access): Should key generation be allowed to specify multi-origin shared access [Web Cryptography API] (from sleevi@google.com on 2012-08-22)
  58. Re: crypto-ISSUE-26 (multi-origin access): Should key generation be allowed to specify multi-origin shared access [Web Cryptography API] (from wtc@google.com on 2012-08-22)
  59. Re: crypto-ISSUE-26 (multi-origin access): Should key generation be allowed to specify multi-origin shared access [Web Cryptography API] (from sleevi@google.com on 2012-08-22)
  60. Re: crypto-ISSUE-26 (multi-origin access): Should key generation be allowed to specify multi-origin shared access [Web Cryptography API] (from S.Durbha@cablelabs.com on 2012-08-22)
  61. Re: crypto-ISSUE-26 (multi-origin access): Should key generation be allowed to specify multi-origin shared access [Web Cryptography API] (from sleevi@google.com on 2012-08-22)
  62. Re: crypto-ISSUE-26 (multi-origin access): Should key generation be allowed to specify multi-origin shared access [Web Cryptography API] (from S.Durbha@cablelabs.com on 2012-08-22)
  63. Re: crypto-ISSUE-26 (multi-origin access): Should key generation be allowed to specify multi-origin shared access [Web Cryptography API] (from sleevi@google.com on 2012-08-22)
  64. Re: crypto-ISSUE-26 (multi-origin access): Should key generation be allowed to specify multi-origin shared access [Web Cryptography API] (from S.Durbha@cablelabs.com on 2012-08-22)
  65. Re: crypto-ISSUE-26 (multi-origin access): Should key generation be allowed to specify multi-origin shared access [Web Cryptography API] (from watsonm@netflix.com on 2012-08-22)
  66. ISSUE-26 (was Re: origin bound key generation) (from sleevi@google.com on 2012-08-22)
  67. Re: crypto-ISSUE-26 (multi-origin access): Should key generation be allowed to specify multi-origin shared access [Web Cryptography API] (from sleevi@google.com on 2012-08-22)
  68. Re: crypto-ISSUE-26 (multi-origin access): Should key generation be allowed to specify multi-origin shared access [Web Cryptography API] (from ddahl@mozilla.com on 2012-08-22)
  69. crypto-ISSUE-26 (multi-origin access): Should key generation be allowed to specify multi-origin shared access [Web Cryptography API] (from sysbot+tracker@w3.org on 2012-08-22)

Related notes:

No additional notes.

Display change log ATOM feed

Chair, Staff Contact
Tracker: documentation, (configuration for this group), originally developed by Dean Jackson, is developed and maintained by the Systems Team <w3t-sys@w3.org>.
$Id: 26.html,v 1.1 2017/02/13 16:16:51 ted Exp $