Skip to main content

Principles of the Same-Origin Policy

Document Type Expired Internet-Draft (individual)
Expired & archived
Author Adam Barth
Last updated 2011-02-21
RFC stream (None)
Intended RFC status (None)
Stream Stream state (No stream defined)
Consensus boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date (None)
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:


The security model of the web platform has evolved over time to meet the needs of new applications and to correct earlier mistakes. Although web security has evolved largely organically, the security model has converged towards a handful of key concepts. This document presents those concepts and provides advice to designers of new pieces of the web platform.


Adam Barth

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)