Re: [ac] wildcard rules and subdomains

• From: Thomas Roessler <tlr@w3.org>
• Date: Sat, 7 Jul 2007 00:47:15 +0200
• To: Jonas Sicking <jonas@sicking.cc>
• Cc: Mark Nottingham <mnot@yahoo-inc.com>, "WAF WG (public)" <public-appformats@w3.org>
• Message-ID: <20070706224715.GO6561@raktajino.does-not-exist.org>

On 2007-07-05 15:16:34 -0700, Jonas Sicking wrote:

> An alternative solution is to remove the wildcard syntax
> entierly, and say that it's implicitly always there. So

> Content-Access-Control: deny <evil.com>, allow <good.com>

> denies evil.com together with subdomains, while allowing good.com
> together with subdomains.

To be clear, I don't object against that particular wildcard syntax.
However, part of this discussion is likely moot given the thread
that Rhys (rightly) opened up with respect to the interaction with
POWDER.

On 2007-07-06 10:23:10 -0700, Jonas Sicking wrote:

> sigh, keeping saying that without coming up with an alternative
> seems very unproductive.

I agree that we seem not to be making much progress on the "deny"
issue on the mailing list.

To summarize, the concerns are:

- "deny" lets people express policies that might not be enforced
  since semantics are expressed in terms of adding to the list of
  sites for which access is permissible.

- This perception might create a slippery slope toward applying the
  access-control information for other use cases, includig inlining
  of resources.  I would suggest to be very careful before going
  down that way, and while Anne rightly argues that these are
  different use cases that shouldn't be mixed, it's not clear that
  everybody would subscribe to that argument.

- The "deny" statement adds complexity to the language's semantics,
  therefore causes more opportunities for mistakes.

The one use case that we have for the "deny" statement so far is
configuring web servers on which somebody might have put erroneous
"allow" authorizations, in case there is a practical attack going
on.  I agree that it's a valid concern, but I disagree that it
should lead to a change to the language.

Therefore, I'm essentially proposing that we do not treat this use
case.

This is ultimately a question that the two of us won't solve by
running our heads against each other, either in e-mail or on the
phone.  I'd therefore (as I said before) like to hear the opinions
that others hold on this question.

Regards,
-- 
Thomas Roessler, W3C  <tlr@w3.org>

Received on Friday, 6 July 2007 22:47:20 UTC