Metadata related to a script to let a runtime decide in which execution context it should run

[h0ru5]

In a joint call between scripting TF an Security TF we identified that a runtime should be enabled to determine in which execution context (referring to this image) it should be run by metadata provided to it or/and by implicit rules / policies (i.e. in the absence of explicit metadata).

One prominent example from the web of pages is the origin, the same-origin-policy and cross-origin-resource-sharing.
However, this is just one example for related metadata.

We will go a twofold approach to drive this topic forward:

• identifying examples for metadata that is/can be relevant
• reaching out to groups / experts to discuss existing/ongoing work in this area

[h0ru5]

Examples of related work mentioned were e.g. the Web app manifest:

https://w3c.github.io/manifest/

https://developer.mozilla.org/en-US/docs/Web/Manifest

https://developers.google.com/web/updates/2014/11/Support-for-installable-web-apps-with-webapp-manifest-in-chrome-38-for-Android

[h0ru5]

others were iot.schema.org and their work on metadata for executables / mobile code

[zolkis]

We need to postpone this to a next charter.