Re: [access-control] update from the editor

On Wed, 9 May 2007, Anne van Kesteren wrote:
> 
>   http://dev.w3.org/cvsweb/~checkout~/2006/waf/access-control/Overview.html?content-type=text/html;%20charset=utf-8

In 2.1, ""deny" rules can be used by authors to deny read access from 
external resources to the entire server a simple way without having to 
check each individual XML resource that may have <?access-control?> 
processing instructions specified." is somewhat confusing to a first-time 
reader because the PI hasn't yet been met.

In fact it's still confusing to me now. I think your prepositions are all 
wrong. I'm not really sure what you're trying to say.

2.2 doesn't actually say that if the MUSTs are violated the resource 
is put in error.

In 3: "The match list and exclude list are both unordered lists of access 
items." -- "the" match list? "the" exclude list? There are 3 of each! This 
should probably be in the plural or something.

Is there a difference between "terminate this algorithm" and "terminate 
this algorithm (process the next list item)"?

"user agents must grant access to the resource" can we make that a SHOULD 
instead of a MUST?

It isn't completely clear to me what the "overall algorithm" is. The 
sub-algorithms have <ol>s, maybe the overall algorithm should too? I don't 
know.

I can't really comment on the "match" algorithm because I don't know what 
Request URL is supposed to be. For example, is it expected to be an 
absolute URL always, or can it be relative? What does it mean for the 
origin not to have a scheme? Why would you ignore the scheme if it's not 
followed by "://"? How can it not have a port? Are 
non-host-based-authority schemes allowed?

Step 9 doesn't specify the order.

HTH,
-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'

Received on Wednesday, 9 May 2007 19:28:29 UTC