Relevant background: http://lists.w3.org/Archives/Public/public-webappsec/2013Aug/0016.html http://blog.joelweinberger.us/2013/08/suborigins-for-privilege-separation-in.html
Le jeudi 23 janvier 2014 11:58:30 UTC+1, David Bruant a écrit : > > Hi, > > I came across this today: > http://www.chromium.org/developers/design-documents/per-page-suborigins > The quote from this document that is triggering the present email is the > following : > "We want to create a new browser primitive to provide isolation within a > single origin between disparate components." > This reminds me *a lot* of the purpose of Caja (minus introducing new > browser primitives) > > The idea of "suborigin" rang a bell. It reminded me something about > ellipses being approximated by circles, circles-on-circles, > circles-on-circles-on-circles [1]. > > I need to read the proposal in detail to see if it's only finer-grained > identity-based access control. But I thought that you might be > interested and might want to participate to the discussion [2]. > > David > > [1] http://www.infoq.com/presentations/Secure-Distributed-Programming > [2] > > https://groups.google.com/a/chromium.org/forum/#!topic/security-dev/XahQcU2mYCk > > -- --- You received this message because you are subscribed to the Google Groups "Google Caja Discuss" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
