Commit c0dd1c39 authored by Sylvestre Ledru's avatar Sylvestre Ledru

isolation: extend a bit the doc to make it easier to understand

parent b8270c2c
+8 −6
@@ -476,15 +476,17 @@ This requirement for user agency fundamentally shapes the browser security model
### 4.6.1 Isolation Mechanisms
### 4.6.1 Isolation Mechanisms


#### 4.6.1.1 Domain and Origin Isolation
#### 4.6.1.1 Domain and Origin Isolation
**[DOM]** The manufacturer shall implement security boundaries between different web contexts to prevent unauthorized cross-domain access and maintain the integrity of the same-origin policy.
**[DOM]** The manufacturer shall ensure that execution contexts belonging to different origins are securely isolated to prevent unauthorized data access, code execution, or state manipulation across boundaries.
Isolation shall include process separation, independent storage and cache spaces, and validation of all cross-origin communication through standardized, browser-mediated mechanisms such as Cross-Origin Resource Sharing (CORS), which allows controlled sharing of resources between origins through validated HTTP headers, and postMessage, which provides a secure message-passing interface between isolated contexts (e.g. frames or windows).
Any relaxation of isolation shall be explicitly authorized, documented, and monitored to prevent data leakage or privilege escalation.


**Capability**: Browser implements domain URL isolation and origin-based security contexts (protocol, domain, port combinations)
**Capability**: Browser enforces isolation between domains and origins (defined by scheme, host, and port) to protect integrity and confidentiality of data and execution.


**Conditions**:
**Conditions**:
* DOM-0: Strict isolation enforced with no relaxation mechanisms
* DOM-0: Full isolation: Each origin is strictly separated. No mechanism exists for cross-origin access or relaxation.
* DOM-1: Isolation with controlled relaxation (CORS, postMessage)
* DOM-1: Controlled isolation: Isolation is enforced by default but may be selectively relaxed through standardized, browser-mediated mechanisms (e.g. CORS or postMessage) with explicit validation.
* DOM-2: Isolation with user-configurable exceptions
* DOM-2: Configurable isolation: Isolation is enforced by default, but users or administrators can define exceptions via explicit configuration or policy.
* DOM-3: Isolation with extensive third-party integration points
* DOM-3: Integrated isolation: Isolation remains in place, but third-party integrations, compatibility modes, or embedded components may introduce controlled exceptions under defined policies.


**Threats**:
**Threats**:
* Cross-site scripting (XSS) attacks
* Cross-site scripting (XSS) attacks
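Review bot: the new requirement sentence "Any relaxation of isolation shall be explicitly authorized, documented, and monitored" conflicts with the new DOM-1 condition, which treats site-controlled CORS and postMessage as the ordinary, standardized way isolation is relaxed; a browser cannot "authorize, document, and monitor" every Access-Control-Allow-Origin header or postMessage call a page makes, so as written DOM-1 would fail the requirement it sits under. Suggest scoping that sentence to relaxations introduced by the manufacturer, administrators or integrations (the DOM-2 and DOM-3 cases), e.g. "Any relaxation of isolation beyond these standardized mechanisms shall be explicitly authorized, documented, and monitored ...". Two smaller points in the same hunk: "Isolation shall include process separation" mandates per-origin (or per-site) process isolation, which several platforms and low-memory configurations do not provide, so consider "should" or "where supported by the platform"; and the new DOM-0 wording "No mechanism exists for cross-origin access" would also rule out ordinary cross-origin navigation and embedding, which is probably not intended and is worth stating precisely since DOM-0 is the reference level the other conditions are measured against.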