Liaison statement
Response to Q7/17 "LS on security architecture and operations for web mashup service

Submission date 2012-07-31
From Security Area (Eliot Lear)
To ITU-T SG 17 (
Cc A Kremer, Koji Nakao, Eliot Lear, Stephen Farrell, Sean Turner, The IETF Chair, Barry Lieba, Pete Resnick,, Mark Nottingham
Response contact
Technical contact
Purpose In response
Referenced liaison LS on security architecture and operations for web mashup services
Attachments (None)
The IETF Security Area thanks ITU-T study group 17 for the opportunity
to comment on the proposed new work item, X.websec-5. There are
numerous related activities to this work, including the work of the
following IETF working groups in the Applications and Security areas:

·      Web Security (websec)
·      Web Authorization Protocol (oauth)
·      Transport Layer Security (tls)

We bring to your attention RFC-6454 "The Web Origin Concept",
draft-ietf-websec-frame-options, as well as 
draft-ietf-websec-x-frame-options, each of which looks at improving
overall web security of which mashups are classed.

In addition, we are aware of a considerable amount of effort in this
area in the W3C.

As always, we welcome participation in discussions about IETF protocols
through our mailing lists,,, and