W3C home > Mailing lists > Public > public-appformats@w3.org > May 2007

RE: [access-control] Syntax of an access-item

From: Marc Silbey <marcsil@windows.microsoft.com>
Date: Thu, 3 May 2007 12:22:03 -0700
To: Anne van Kesteren <annevk@opera.com>, "WAF WG (public)" <public-appformats@w3.org>
CC: Eric Lawrence <ericlaw@exchange.microsoft.com>
Message-ID: <A124B6D0A7A67F479269C7CF4C1F41E02AC70282CF@tk5-exmlt-w600.wingroup.windeploy.ntdev.microsoft.com>

As promised in a previous teleconference I'm responding to this email. Eric, who is one of our networking experts, and I have reviewed the draft and we think it looks good. We don't really have anything else to add :) Thanks Anne!

-----Original Message-----
From: public-appformats-request@w3.org [mailto:public-appformats-request@w3.org] On Behalf Of Anne van Kesteren
Sent: Thursday, March 29, 2007 8:11 AM
To: WAF WG (public)
Subject: [access-control] Syntax of an access-item


Latest draft:

   http://dev.w3.org/cvsweb/~checkout~/2006/waf/access-control/Overview.html?content-type=text/html;%20charset=utf-8


The current production for an access item is as follows:

   access-item    ::= scheme "://" domain-pattern ( ":" port )? | "*"
   domain-pattern ::= subdomain | "*." subdomain

When port is omitted it defaults to the default port for the scheme being
used. It has been proposed to allow people to wildcard scheme and port as
you're likely in control the completely domain. This would allow:

   *://example.org:*

for instance. But not:

   example.org

The problem is that wilcarding them no longer allows port to default to
the scheme being used in a case like:

   *://example.org


Maybe we should do away with the port defaulting though. How do people
feel about that? If you omit port or scheme it would match regardless of
the port or scheme used by the request URL (for those parts). So scheme
and port would default to being wildcarded when omitted in a way. This
would allow:

   example.org
   http://example.org
   example.org:80

And disallow:

   *://example.org
   example.org:*

This approach is probably the simplest way of dealing with it. The new
syntax for access item would become:

   access-item    ::= ( scheme "://" )? domain-pattern ( ":" port )? | "*"
   domain-pattern ::= subdomain | "*." subdomain


--
Anne van Kesteren
<http://annevankesteren.nl/>
<http://www.opera.com/>
Received on Thursday, 3 May 2007 19:22:07 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 8 January 2008 14:10:22 GMT