[whatwg] "secure" attribute in Storage section of WA spec

Gervase Markham gerv at mozilla.org
Mon Jun 26 04:56:20 PDT 2006


The Web Applications 1.0 spec says:

> 5.7.3. The StorageItem interface
> 
> Items in Storage objects are represented by objects implementing the
> StorageItem interface.
> 
> interface StorageItem {
>            attribute boolean secure;
>            attribute DOMString value;
> };

I would like to suggest the the "secure" attribute be an integer rather
than a boolean, initially with 0 meaning insecure, and 1 meaning secure.

The reason is that the CA industry and the browser manufacturers,
through the CA/Browser forum, are currently working on a more
stringently validated type of certificate ("EV" certs, for "extended
validation"). These would require applicants to reveal much more
information about themselves, and have it verified more carefully (e.g.
by a site visit). If and when such a certificate exists, UA
implementations may wish to differentiate between the two, and add an
extra value for these ("2").

So, for example, you could have StorageItems which were only returned if
the page on the site was secured with a new EV cert, and was not
accessible to pages which had an ordinary cert or no cert.

Does this make sense?

Gerv





More information about the whatwg mailing list