Liaison statement
Response to Q7/17 "LS on security architecture and operations for web mashup service
Additional information about IETF liaison relationships is available on the
IETF webpage
and the
Internet Architecture Board liaison webpage.
| State | Posted |
|---|---|
| Submitted Date | 2012-07-31 |
| From Group | SEC |
| From Contact | Eliot Lear |
| To Group | ITU-T-SG-17 |
| To Contacts | tsbsg17@itu.int |
| Cc | A Kremer <kremer@rans.ru> Koji Nakao <ko-nakao@kddi.com> Eliot Lear <lear@cisco.com> Stephen Farrell <stephen.farrell@cs.tcd.ie> Sean Turner <turners@ieca.com> The IETF Chair <chair@ietf.org> Barry Lieba <barrylieba@computer.org> Pete Resnick <presnick@qualcomm.com> jhnah@etri.re.kr Mark Nottingham <mnot@mnot.net> |
| Response Contact | lear@cisco.com |
| Technical Contact | stephen.farrell@cs.tcd.ie |
| Purpose | In response |
| Attachments | (None) |
| Liaisons referred by this one |
LS on security architecture and operations for web mashup services
|
| Body |
The IETF Security Area thanks ITU-T study group 17 for the opportunity to comment on the proposed new work item, X.websec-5. There are numerous related activities to this work, including the work of the following IETF working groups in the Applications and Security areas: · Web Security (websec) · Web Authorization Protocol (oauth) · Transport Layer Security (tls) We bring to your attention RFC-6454 "The Web Origin Concept", draft-ietf-websec-frame-options, as well as draft-ietf-websec-x-frame-options, each of which looks at improving overall web security of which mashups are classed. In addition, we are aware of a considerable amount of effort in this area in the W3C. As always, we welcome participation in discussions about IETF protocols through our mailing lists, websec@ietf.org, oauth@ietf.org, and tls@ietf.org. |