Skip to main content

Liaison statement
Response to Q7/17 "LS on security architecture and operations for web mashup service

State Posted
Submitted Date 2012-07-31
From Group SEC
From Contact Eliot Lear
To Group ITU-T-SG-17
To Contacts tsbsg17@itu.int
Cc A Kremer <kremer@rans.ru>
Koji Nakao <ko-nakao@kddi.com>
Eliot Lear <lear@cisco.com>
Stephen Farrell <stephen.farrell@cs.tcd.ie>
Sean Turner <turners@ieca.com>
The IETF Chair <chair@ietf.org>
Barry Lieba <barrylieba@computer.org>
Pete Resnick <presnick@qualcomm.com>
jhnah@etri.re.kr
Mark Nottingham <mnot@mnot.net>
Response Contact lear@cisco.com
Technical Contact stephen.farrell@cs.tcd.ie
Purpose In response
Attachments (None)
Liaisons referred by this one LS on security architecture and operations for web mashup services
Body
The IETF Security Area thanks ITU-T study group 17 for the opportunity to
comment on the proposed new work item, X.websec-5. There are numerous related
activities to this work, including the work of the following IETF working
groups in the Applications and Security areas:

·      Web Security (websec)
·      Web Authorization Protocol (oauth)
·      Transport Layer Security (tls)

We bring to your attention RFC-6454 "The Web Origin Concept",
draft-ietf-websec-frame-options, as well as  draft-ietf-websec-x-frame-options,
each of which looks at improving overall web security of which mashups are
classed.

In addition, we are aware of a considerable amount of effort in this area in
the W3C.

As always, we welcome participation in discussions about IETF protocols through
our mailing lists, websec@ietf.org, oauth@ietf.org, and tls@ietf.org.