The IESG has received a request from the Web Security WG (websec) to consider the following document: - 'The Web Origin Concept' <draft-ietf-websec-origin-04.txt> as a Proposed Standard
The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the [email protected] mailing lists by 2011-09-06. Exceptionally, comments may be sent to [email protected] instead. In either case, please retain the beginning of the Subject line to allow automated sorting. Abstract This document defines the concept of an "origin", which is often used as the scope of authority or privilege by user agents. Typically, user agents isolate content retrieved from different origins to prevent malicious web site operators from interfering with the operation of benign web sites. In addition to outlining the principles that underlie the concept of origin, this document defines how to determine the origin of a URI, how to serialize an origin into a string, and an HTTP header, named "Origin", that indicates which origins are associated with an HTTP request. The file can be obtained via http://datatracker.ietf.org/doc/draft-ietf-websec-origin/ IESG discussion can be tracked via http://datatracker.ietf.org/doc/draft-ietf-websec-origin/ No IPR declarations have been submitted directly on this I-D. _______________________________________________ websec mailing list [email protected] https://www.ietf.org/mailman/listinfo/websec
