Liaison statement
Response to Q7/17 "LS on security architecture and operations for web mashup service

Submission date 2012-07-31
From Security Area (Eliot Lear)
To ITU-T SG 17 (
Cc A Kremer, Koji Nakao, Eliot Lear, Stephen Farrell, Sean Turner, The IETF Chair, Barry Lieba, Pete Resnick,, Mark Nottingham
Response contact
Technical contact
Purpose In response
Referenced liaison LS on security architecture and operations for web mashup services
Attachments (None)
The IETF Security Area thanks ITU-T study group 17 for the opportunity to
comment on the proposed new work item, X.websec-5. There are numerous related
activities to this work, including the work of the following IETF working
groups in the Applications and Security areas:

·      Web Security (websec)
·      Web Authorization Protocol (oauth)
·      Transport Layer Security (tls)

We bring to your attention RFC-6454 "The Web Origin Concept",
draft-ietf-websec-frame-options, as well as 
draft-ietf-websec-x-frame-options, each of which looks at improving overall
web security of which mashups are classed.

In addition, we are aware of a considerable amount of effort in this area in
the W3C.

As always, we welcome participation in discussions about IETF protocols
through our mailing lists,,, and