Hi everyone, I have been involved in some on-again-off-again discussions about access control over the past few months with various security experts at OpenAjax Alliance and at IBM, and a little with Doug Crockford of Yahoo. It will take me some time to do my homework and research what various people have said, but I just wanted the WAF committee to expect that in the next few weeks I will do my best to consolidate the various discussions and send good feedback on the security pros and cons of the latest access control draft. For now, I will say that some concerns will be raised.
Jon
Jon Ferraiolo <[EMAIL PROTECTED]>
OpenAjax Alliance and IBM
Thomas Roessler
<[EMAIL PROTECTED]>
Sent by: To
public-appformats [email protected]
[EMAIL PROTECTED] cc
Subject
08/30/2007 12:55 Heads-up: Some buzz about
AM access-control
Apparently, the Mozilla folks have announced support for the
access-control spec, and caused some buzz about it.
I've dropped some pointers to this WG's public comment address.
Cheers,
--
Thomas Roessler, W3C <[EMAIL PROTECTED]>
----- Forwarded message from [EMAIL PROTECTED] -----
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Date: Tue, 28 Aug 2007 18:54:19 -0400 (EDT)
Subject: [WEB SECURITY] firefox3 vuln by design?
X-Spam-Level:
Mailing-List: contact [EMAIL PROTECTED]; run by ezmlm
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.1.5
pdp had an interesting read at
http://www.gnucitizen.org/blog/i-dont-think-that-you-understand-firefox3-vulnerable-by-design
Any mozilla people care to chime in?
- Robert
http://www.cgisecurity.com/
http://www.qasec.com/
----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec
Have a question? Search The Web Security Mailing List Archives:
http://www.webappsec.org/lists/websecurity/
Subscribe via RSS:
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
----- End forwarded message -----
<<inline: graycol.gif>>
<<inline: pic27449.gif>>
<<inline: ecblank.gif>>
