Security/Features: Difference between revisions

Security/Features (view source)

Revision as of 21:45, 2 October 2009

128 bytes added , 2 October 2009

no edit summary

Sidstamm

canmove, Confirmed users

1,537

edits

@@ Line 11: / Line 11: @@
 | '''Implementation'''
 |-
-| Sec-From
+| Origin
 | Done
 | Done
@@ Line 20: / Line 20: @@
 | CSP
 | Done (2/2009)
-| In Progress
+| Pretty Much Done (9/2009)
 |
 | Done (8/2008)
-| In Progress
+| Beta (9/2009)
 |-
 | ForceTLS
@@ Line 51: / Line 51: @@
 * {{done|Write up an informal spec}} [[Security/Origin]]
 * {{done|Unify spec with Adam Barth's Internet Draft}} [http://webblaze.cs.berkeley.edu/2009/origin/origin.txt].
-* {{ok|Unify with CORS "Origin" or pick a new header name to avoid incompatibility.}}  Reworked as [[Security/Sec-From]].
+* {{done|Unify with CORS "Origin" or pick a new header name to avoid incompatibility.}}  <strike>Reworked as [[Security/Sec-From]].</strike>
 Such an "Origin" header is also mentioned in HTML 5 [http://www.w3.org/TR/cors/#origin-header].
@@ Line 76: / Line 76: @@
 Tasks:
-* {{ok|Find appropriate standards body to review this feature}}.
+* {{done|Find appropriate standards body to review this feature}} (IETF).
-* {{ok|Submit to standards body.}} [[Security/Sec-From]]
+* {{done|Submit to standards body.}}  (Adam is leading this)
@@ Line 150: / Line 150: @@
 * {{ok|create document explaining how to write a good policy}}
 * {{ok|create document explaining how to convert a site to support CSP}}
-* {{ok|create server-based test suite (for other UAs who implement CSP)}}
+* {{done|create server-based test suite (for other UAs who implement CSP)}}
-== ForceTLS ==
+== ForceTLS / Strict-Transport-Security ==
 '''Design''': Done (6/18/2009)
@@ Line 179: / Line 179: @@
 Tasks:
 * {{ok|IETF?}}
+* {{ok|W3C?}}  (Currently submitted here by Paypal)
 '''Prototype''': Done.  (6/2009)