… 2017 W3C Process Document 1. Definitions Topic An HTTP [ RFC7230 ] (or HTTPS [ RFC2818 ]) resource URL. The unit to which one can subscribe to changes. Hub ("the hub") The server (URL [ URL ]) which implements both sides of this protocol. Any hub MAY implement its own policies o…
…two content retrieval protocols: HTTP and HTTPS, as specified in [RFC2616] and [RFC2818], respectively. Future enhancements or usage of this framework may specify additional or alternative content retrieval protocols. For security requirements and considerations, please refer to …
…nted security and are typically layered between application protocols and TCP. [RFC2818] specifies how HTTP is layered onto TLS and defines the Uniform Resource Identifier (URI) scheme of "https" (in practice, however, HTTP user agents (UAs) typically use either TLS or SSL3, depe…
…ted security and are typically layered between application protocols and TCP. [ RFC2818 specifies how HTTP is layered onto TLS and defines the Uniform Resource Identifier (URI) scheme of "https" (in practice, however, HTTP user agents (UAs) typically use either TLS or SSL3, depen…
…ted security and are typically layered between application protocols and TCP. [ RFC2818 specifies how HTTP is layered onto TLS and defines the Uniform Resource Identifier (URI) scheme of "https" (in practice, however, HTTP user agents (UAs) typically use either TLS or SSL3, depen…
…ted security and are typically layered between application protocols and TCP. [ RFC2818 specifies how HTTP is layered onto TLS and defines the Uniform Resource Identifier (URI) scheme of "https" (in practice, however, HTTP user agents (UAs) typically use either TLS or SSL3, depen…
…ted security and are typically layered between application protocols and TCP. [ RFC2818 specifies how HTTP is layered onto TLS and defines the Uniform Resource Identifier (URI) scheme of "https" (in practice, however, HTTP user agents (UAs) typically use either TLS or SSL3, depen…
…sing TLS as described in Section 1.6 with server authentication as defined by [ RFC2818 ]. When using the implicit grant type, the access token is transmitted in the URI fragment, which can expose it to unauthorized parties. The authorization server MUST ensure that access tokens…
… using TLS as described in Section 1.6 with server authentication as defined by RFC2818 ]. When using the implicit grant type, the access token is transmitted in the URI fragment, which can expose it to unauthorized parties. The authorization server MUST ensure that access tokens…
…ce The guiding use case for ACME is obtaining certificates for websites (HTTPS [RFC2818]). In this case, a web server is intended to speak for one or more domains, and the process of certificate issuance is intended to verify that this web server actually speaks for the domain(s)…
… using TLS as described in Section 1.6 with server authentication as defined by RFC2818 ]. When using the implicit grant type, the access token is transmitted in the URI fragment, which can expose it to unauthorized parties. The authorization server MUST ensure that access tokens…
…e The guiding use case for ACME is obtaining certificates for websites (HTTPS [ RFC2818 ]). In this case, a web server is intended to speak for one or more domains, and the process of certificate issuance is intended to verify that this web server actually speaks for the domain(s…
… using TLS as described in Section 1.6 with server authentication as defined by RFC2818 ]. When using the implicit grant type, the access token is transmitted in the URI fragment, which can expose it to unauthorized parties. The authorization server MUST ensure that access tokens…
…WebSocket or HTTPS is verified according to the rules defined for secure HTTP [ RFC2818 ], then the browser will report the successful establishment of a secure connection to the application. (However, as noted, the application is still not able to independently inspect and verif…
…the origin can only be securely established if data is transferred over HTTPS [ RFC2818 ]. Thus, clients MUST treat HTTP and HTTPS origins as different permissions domains. Note: this follows directly from the origin security model and is stated here merely for clarity. Rescorla …