Liaison statement
Response to Q7/17 "LS on security architecture and operations for web mashup service

State Posted
Posted Date 2012-07-31
From Group SEC
From Contact Eliot Lear
To Group ITU-T-SG-17
To Contacts
CcA Kremer
Koji Nakao
Eliot Lear
Stephen Farrell
Sean Turner
The IETF Chair
Barry Lieba
Pete Resnick
Mark Nottingham
Response Contact
Technical Contact
Purpose In response
Attachments (None)
Liaisons referred by this one LS on security architecture and operations for web mashup services
The IETF Security Area thanks ITU-T study group 17 for the opportunity to
comment on the proposed new work item, X.websec-5. There are numerous related
activities to this work, including the work of the following IETF working
groups in the Applications and Security areas:

·      Web Security (websec)
·      Web Authorization Protocol (oauth)
·      Transport Layer Security (tls)

We bring to your attention RFC-6454 "The Web Origin Concept",
draft-ietf-websec-frame-options, as well as 
draft-ietf-websec-x-frame-options, each of which looks at improving overall
web security of which mashups are classed.

In addition, we are aware of a considerable amount of effort in this area in
the W3C.

As always, we welcome participation in discussions about IETF protocols
through our mailing lists,,, and