W3C home > Mailing lists > Public > public-appformats@w3.org > May 2007

Re: [AC] Access Control Algorithm

From: Anne van Kesteren <annevk@opera.com>
Date: Thu, 03 May 2007 10:29:14 +0200
To: "Jonas Sicking" <jonas@sicking.cc>
Cc: "WAF WG (public)" <public-appformats@w3.org>
Message-ID: <op.trqsi0mc64w2qv@id-c0020>

On Thu, 03 May 2007 03:00:16 +0200, Jonas Sicking <jonas@sicking.cc> wrote:
>> Also, you want this in addition to the current mechanism, right?
>
> See my latest proposal in my previous mail. Rather than having 'exclude'  
> additions to both allow and deny, I think it'd be simpler to have a  
> 'default' rule as well. This rule wouldn't need to exist for the PI,  
> though it might be nice to have it just for consistency, I don't really  
> feel strongly either way.

I missed that. The current mechanism is actually defined in such a way  
that order is not important. I'm not sure what the affect of changing that  
would be. Also, you still need to have allow and exclude for the  
processing instruction so supporting the same logic for the HTTP header  
makes more sense to me. Basically:

    rule ::= type (pattern)+ ("exclude" (pattern)+)?
    type ::= allow | deny


-- 
Anne van Kesteren
<http://annevankesteren.nl/>
<http://www.opera.com/>
Received on Thursday, 3 May 2007 08:29:22 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 8 January 2008 14:10:22 GMT