Re: [AC] Access Control Algorithm

From: Anne van Kesteren <annevk@opera.com>
Date: Wed, 02 May 2007 16:08:16 +0200
To: "Jonas Sicking" <jonas@sicking.cc>, "WAF WG (public)" <public-appformats@w3.org>
Message-ID: <op.trpdj2tg64w2qv@id-c0020>

On Thu, 26 Apr 2007 22:37:47 +0200, Jonas Sicking <jonas@sicking.cc> wrote:
> I actually liked the idea of going through the clauses in the order they  
> appear. It seems logical and easy for authors to follow that logic.
>
> However as I've been thinking about this I do think that "exclude" can  
> be useful, at least for the processing instruction. One example I  
> brought up was a server administrator inside a firewall wanting to block  
> access to all files from servers outside the firewall. Such a header  
> would likely look something like:
>
> deny <*> exclude <http://*.intranet.company.com>  
> <https://*.intranet.company.com>
>
> This would then allow the page to explicitly define which sites would be  
> able to access it, but would prevent the page from accidentally allowing  
> access from an external site.

The use case for introducing this in the HTTP header is quite clear.  
What's the reason for having it in the processing instruction?

Also, you want this in addition to the current mechanism, right?


-- 
Anne van Kesteren
<http://annevankesteren.nl/>
<http://www.opera.com/>
Received on Wednesday, 2 May 2007 14:08:49 GMT
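
An added illustration of the quoted `deny <*> exclude <...>` rule, not code from this thread or from the Access Control draft: it evaluates the header rule and then a page-level allow list, so an external origin the page lists by mistake is still refused. The wildcard matching, the precedence of the header over the page, and the names `headerRule`, `pageAllow` and `accessGranted` are assumptions made for the example.

```javascript
// Constructed illustration. Matching rules are assumptions, not the draft's algorithm:
// "*" matches any origin; a leading "*." matches one or more subdomain labels;
// origins with ports or paths are out of scope and never match.
function parseOrigin(s) {
  const m = /^([a-z][a-z0-9+.-]*):\/\/([^\/:]+)$/i.exec(s);
  return m ? { scheme: m[1].toLowerCase(), host: m[2].toLowerCase() } : null;
}

function matchesPattern(pattern, origin) {
  if (pattern === "*") return true;
  const p = parseOrigin(pattern);
  const o = parseOrigin(origin);
  if (!p || !o || p.scheme !== o.scheme) return false;
  if (p.host.startsWith("*.")) {
    const suffix = p.host.slice(1); // ".intranet.company.com"
    // Require a label boundary so "evilintranet.company.com" is not accepted.
    return o.host.length > suffix.length && o.host.endsWith(suffix);
  }
  return p.host === o.host;
}

// Header rule: denied when a deny pattern matches and no exclude pattern does.
function headerDenies(rule, origin) {
  const matches = (list) => list.some((pat) => matchesPattern(pat, origin));
  return matches(rule.deny) && !matches(rule.exclude);
}

// Assumption: a header-level deny is final; the page's own allow list is
// consulted only for origins the header did not deny.
function accessGranted(headerRule, pageAllow, origin) {
  if (headerDenies(headerRule, origin)) return false;
  return pageAllow.some((pat) => matchesPattern(pat, origin));
}

// The header from the message above.
const headerRule = {
  deny: ["*"],
  exclude: ["http://*.intranet.company.com", "https://*.intranet.company.com"],
};
// Constructed page-level allow list; the second entry is the accidental external grant.
const pageAllow = ["http://wiki.intranet.company.com", "http://partner.example"];

for (const origin of ["http://wiki.intranet.company.com", "http://partner.example",
                      "https://hr.intranet.company.com", "http://evilintranet.company.com"]) {
  console.log(origin, accessGranted(headerRule, pageAllow, origin) ? "allow" : "deny");
}
```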