Commit 478fe4c0 authored by Daniel Thompson-Yvetot

Merge branch 'isolation' into 'main'

isolation: extend a bit the doc to make it easier to understand

See merge request cyber/stan4cr2/en-304-617!18
parents 4c5857bd c0dd1c39
+8 −6
@@ -476,15 +476,17 @@ This requirement for user agency fundamentally shapes the browser security model
### 4.6.1 Isolation Mechanisms

#### 4.6.1.1 Domain and Origin Isolation
**[DOM]** The manufacturer shall implement security boundaries between different web contexts to prevent unauthorized cross-domain access and maintain the integrity of the same-origin policy.
**[DOM]** The manufacturer shall ensure that execution contexts belonging to different origins are securely isolated to prevent unauthorized data access, code execution, or state manipulation across boundaries.
Isolation shall include process separation, independent storage and cache spaces, and validation of all cross-origin communication through standardized, browser-mediated mechanisms such as Cross-Origin Resource Sharing (CORS), which allows controlled sharing of resources between origins through validated HTTP headers, and postMessage, which provides a secure message-passing interface between isolated contexts (e.g. frames or windows).
Any relaxation of isolation shall be explicitly authorized, documented, and monitored to prevent data leakage or privilege escalation.

**Capability**: Browser implements domain URL isolation and origin-based security contexts (protocol, domain, port combinations)
**Capability**: Browser enforces isolation between domains and origins (defined by scheme, host, and port) to protect integrity and confidentiality of data and execution.

**Conditions**:
* DOM-0: Strict isolation enforced with no relaxation mechanisms
* DOM-1: Isolation with controlled relaxation (CORS, postMessage)
* DOM-2: Isolation with user-configurable exceptions
* DOM-3: Isolation with extensive third-party integration points
* DOM-0: Full isolation: Each origin is strictly separated. No mechanism exists for cross-origin access or relaxation.
* DOM-1: Controlled isolation: Isolation is enforced by default but may be selectively relaxed through standardized, browser-mediated mechanisms (e.g. CORS or postMessage) with explicit validation.
* DOM-2: Configurable isolation: Isolation is enforced by default, but users or administrators can define exceptions via explicit configuration or policy.
* DOM-3: Integrated isolation: Isolation remains in place, but third-party integrations, compatibility modes, or embedded components may introduce controlled exceptions under defined policies.

**Threats**:
* Cross-site scripting (XSS) attacks
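Review bot: the new DOM-0 condition contradicts the requirement text added two paragraphs above it in this hunk. DOM-0 reads "Full isolation: Each origin is strictly separated. No mechanism exists for cross-origin access or relaxation.", while the [DOM] requirement states that isolation "shall include ... validation of all cross-origin communication through standardized, browser-mediated mechanisms such as Cross-Origin Resource Sharing (CORS) ... and postMessage". A browser that meets DOM-0 as worded cannot meet the requirement, and one that meets the requirement is at best DOM-1, so DOM-0 is unreachable. Suggest rewording DOM-0 so that the standardized mechanisms are still present but nothing beyond them can be relaxed, e.g. "DOM-0: Full isolation: cross-origin interaction is limited to standardized, browser-mediated mechanisms; no configurable or third-party exceptions exist", which also keeps the levels ordered from strictest to most permissive. Two smaller points in the same hunk: DOM-2 ("users or administrators can define exceptions via explicit configuration or policy") and DOM-3 ("may introduce controlled exceptions under defined policies") both describe policy-driven exceptions, so state what separates them (who grants the exception, and whether it is scoped per origin or global) or an evaluator cannot assign a single level; and the new Capability sentence says isolation is enforced "between domains and origins (defined by scheme, host, and port)" but only origin is defined, so either say what domain-level isolation adds beyond origin isolation or drop "domains" from that sentence.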