Presentation is loading. Please wait.

Presentation is loading. Please wait.

SafeFrames: An Overview

Published byClifton Perry Modified over 9 years ago

Similar presentations

Presentation on theme: "SafeFrames: An Overview"— Presentation transcript:

0 Co-Chairs Sean Snider, Yahoo! Prabhakar Goyal, Microsoft
Dec 11th, 2012 IAB SafeFrames Co-Chairs Sean Snider, Yahoo! Prabhakar Goyal, Microsoft

1 SafeFrames: An Overview
What are SafeFrames? A secure and flexible framework that provides the ability to create containers around HTML content served from sources external (e.g. Ad Server) to a host server (i.e. Publisher)

2 SF In-page Communication
Publisher Webpage External Party Server 1. External Content Received (as data) 2. API Initiated 3. Vendor Content Rendered SafeFrame 4. Communication

3 SafeFrames Technology
Host External Content Content Domain Ads

4 SafeFrames Technology
Host Host Secondary Domain External Content Content Domain Where SafeFrame lives Where external party content is served Ads

5 SafeFrames Technology
Host Safe-Frame API Host Secondary Domain External Content Content Domain Protocols for communication Where SafeFrame lives Where external party content is served Ads

6 SafeFrames: Value Added
Consumer Safety Host Benefits (i.e. Publisher) Transparency Control / Stability External Party Benefits (i.e. Ad Agency) More rich-media demand in more places Standardized Functionality

7 SafeFrames: Consumer Safety
Content from un-vetted sources do not have direct access to the host web page Cannot set/read host cookies without explicit publisher permission Cannot set/read HTML form data Proprietary rules can be implemented to further enhance security

8 SafeFrames: Transparency
Host web page has a container around content Allows for geometric information about the external content to be easily measured and shared (e.g. viewability). Meta-data passing between host and external content is explicitly defined Both host and external content are aware of various rich-media functions

9 SafeFrames: Control / Stability
No JavaScript/CSS/HTML element name pollution Host can measure performance easily Rich-media functionality is clearly defined and known

10 Safe Frames: Standardization
Functionality clearly defined and is extensible over time Rich-media Meta-data Host URL

11 SafeFrames: Host Decisions
Currently using iframe? Yes No Implement SafeFrame Allowing rich media? Yes* No Does SafeFrame support my rich media types? Yes

12 SafeFrames: External Party Decisions
Inside iframe? No Use current behavior Yes Nested immediately under host? window.parent == top No Yes Implement SafeFrame $sf.ext JavaScript namespace exists? No Yes

13 SafeFrames: Rich-Media Matrix

Download ppt "SafeFrames: An Overview"

Similar presentations

CS193H: High Performance Web Sites Lecture 10: Rule 6 – Put Scripts at the Bottom Steve Souders Google

CS193H: High Performance Web Sites Lecture 10: Rule 6 – Put Scripts at the Bottom Steve Souders Google
Protecting Browser State from Web Privacy Attacks Collin Jackson, Andrew Bortz, Dan Boneh, John Mitchell Stanford University.

Protecting Browser State from Web Privacy Attacks Collin Jackson, Andrew Bortz, Dan Boneh, John Mitchell Stanford University.
Enabling Secure Internet Access with ISA Server

Enabling Secure Internet Access with ISA Server
Overview Environment for Internet database connectivity

Overview Environment for Internet database connectivity
Technology & Implementation. Our Company Founded in 2003, Opt-Intelligence operates a leading Opt-In Ad Solution built on our patent-pending Clear-Request™

Technology & Implementation. Our Company Founded in 2003, Opt-Intelligence operates a leading Opt-In Ad Solution built on our patent-pending Clear-Request™
17 th ACM CCS (October, 2010).  Introduction  Threat Model  Cross-Origin CSS Attacks  Example Attacks  Defenses  Experiment  Related Work 2 A Presentation.

17 th ACM CCS (October, 2010).  Introduction  Threat Model  Cross-Origin CSS Attacks  Example Attacks  Defenses  Experiment  Related Work 2 A Presentation.
Site and user security concerns for real time content serving Chris Mejia, IAB Sean Snider, Yahoo! Prabhakar Goyal, Microsoft.

Site and user security concerns for real time content serving Chris Mejia, IAB Sean Snider, Yahoo! Prabhakar Goyal, Microsoft.
ESRI Geoportal Extension 10 November 2010 Out-of-the-box capabilities and additional options.

ESRI Geoportal Extension 10 November 2010 Out-of-the-box capabilities and additional options.
Web Security Model CSE 591 – Security and Vulnerability Analysis Spring 2015 Adam Doupé Arizona State University

Web Security Model CSE 591 – Security and Vulnerability Analysis Spring 2015 Adam Doupé Arizona State University
INTERNET DATABASE Chapter 9. u Basics of Internet, Web, HTTP, HTML, URLs. u Advantages and disadvantages of Web as a database platform. u Approaches for.

INTERNET DATABASE Chapter 9. u Basics of Internet, Web, HTTP, HTML, URLs. u Advantages and disadvantages of Web as a database platform. u Approaches for.
Create Windows ® Applications with.NET Allan Knudsen.NET Developer Evangelist Microsoft.

Create Windows ® Applications with.NET Allan Knudsen.NET Developer Evangelist Microsoft.
Peoplesoft: Building and Consuming Web Services

Peoplesoft: Building and Consuming Web Services
Introduction 2: Internet, Intranet, and Extranet J394 – Perancangan Situs Web Program Sudi Manajemen Universitas Bina Nusantara.

Introduction 2: Internet, Intranet, and Extranet J394 – Perancangan Situs Web Program Sudi Manajemen Universitas Bina Nusantara.
© 2004, Robert K. Moniot Chapter 1 Introduction to Computers and the Internet.

© 2004, Robert K. Moniot Chapter 1 Introduction to Computers and the Internet.
Happy Hacking HTML5! Group members: Dongyang Zhang Wei Liu Weizhou He Yutong Wei Yuxin Zhu.

Happy Hacking HTML5! Group members: Dongyang Zhang Wei Liu Weizhou He Yutong Wei Yuxin Zhu.
Tutorial 6 Forms Section A - Working with Forms in JavaScript.

Tutorial 6 Forms Section A - Working with Forms in JavaScript.
The Internet & The World Wide Web Notes

The Internet & The World Wide Web Notes
©2012 Microsoft Corporation. All rights reserved. Content based on SharePoint 2013 Technical Preview and published July 2012. Introducing.

©2012 Microsoft Corporation. All rights reserved. Content based on SharePoint 2013 Technical Preview and published July Introducing.
 What I hate about you things people often do that hurt their Web site’s chances with search engines.

 What I hate about you things people often do that hurt their Web site’s chances with search engines.
Subspace: Secure Cross-Domain Communication for Web Mashups In Proceedings of the 16th International World Wide Web Conference. (WWW), 2007 Collin Jackson,

Subspace: Secure Cross-Domain Communication for Web Mashups In Proceedings of the 16th International World Wide Web Conference. (WWW), 2007 Collin Jackson,

Similar presentations

Ads by Google