W3C

Uniform Messaging Policy, Level One

W3C Working Group Note

This version:
http://www.w3.org/TR/2014/NOTE-UMP-20141002/
Latest Version:
http://www.w3.org/TR/UMP/
Previous Version:
http://www.w3.org/TR/2010/WD-UMP-20100126/
Editors:
Tyler Close (Google)
Mark Miller (Google)

Abstract

The Uniform Messaging Policy (UMP) enables cross-site messaging that avoids Cross-Site-Request-Forgery and similar attacks that abuse HTTP cookies and other credentials. For example, content from customer.example.org can safely specify requests to resources determined by service.example.com. Rather than restricting information retrieval to a single origin, as the Same Origin Policy almost does, the Uniform Messaging Policy supports origin independent messaging.

Status of This Document

This section describes the status of this document at the time of its publication. Other documents may supersede this document. A list of current W3C publications and the latest revision of this technical report can be found in the W3C technical reports index at http://www.w3.org/TR/.

Work on this document has been discontinued and it should not be referenced or used as a basis for implementation.

This is the 02 October 2014 Working Group Note of the "Uniform Messaging Policy" document. This document is produced by the Web Applications (WebApps) Working Group. The WebApps Working Group is part of the Rich Web Clients Activity in the W3C Interaction Domain.

Please send comments to the WebApps Working Group's public mailing list public-webapps@w3.org with [UMP] at the start of the subject line. Archives of this list are available. See also W3C mailing list and archive usage guidelines.

Publication as a Working Group Note does not imply endorsement by the W3C Membership. This is a draft document and may be updated, replaced or obsoleted by other documents at any time. It is inappropriate to cite this document as other than work in progress.

This document was produced by a group operating under the 5 February 2004 W3C Patent Policy. W3C maintains a public list of any patent disclosures made in connection with the deliverables of the group; that page also includes instructions for disclosing a patent. An individual who has actual knowledge of a patent which the individual believes contains Essential Claim(s) must disclose the information in accordance with section 6 of the W3C Patent Policy.

This document is governed by the 14 October 2005 W3C Process Document.