W3C home > Mailing lists > Public > public-appformats@w3.org > May 2007

Re: [access-control] update from the editor

From: Anne van Kesteren <annevk@opera.com>
Date: Thu, 10 May 2007 13:27:33 +0200
To: "Ian Hickson" <ian@hixie.ch>
Cc: "WAF WG (public)" <public-appformats@w3.org>
Message-ID: <op.tr3zf7ta64w2qv@id-c0020.guest-int.opera.no>

On Wed, 09 May 2007 21:28:12 +0200, Ian Hickson <ian@hixie.ch> wrote:
> In 2.1, ""deny" rules can be used by authors to deny read access from
> external resources to the entire server a simple way without having to
> check each individual XML resource that may have <?access-control?>
> processing instructions specified." is somewhat confusing to a first time
> reader because the PI hasn't yet been met.
> In fact it's still confusing to me now. I think your prepositions are all
> wrong. I'm not really sure what you're trying to say.

I tried to clarify it.

> 2.2 doesn't actually say that if the MUSTs are violated that the resource
> is put in error.

You mean to make it more clear to authors? Because when something is  
rejected is now determined by the algorithm in section 3.

> In 3: "The match list and exclude list are both unordered lists of access
> items." -- "the" match list? "the" exclude list? There are 3 of each!  
> This should probably be in the plural or something.

Made the definitions plural.

> Is there a difference between "terminate this algorithm" and "terminate
> this algorithm (process the next list item)"?

I rewrote most of this sub algorithm handling to make it much more clear  
(hopefully!) what needs to be done.

> "user agents must grant access to the resource" can we make that a SHOULD
> instead of a MUST?

Makes sense, addressed.

> It isn't completely clear to me what the "overall algorithm" is. The
> sub-algorithms have <ol>s, maybe the overall algorithm should too? I  
> don't know.

I put it <ol>. It probably needs some further tweaking to make it clear  
when it's invoked and such.

> I can't really comment on the "match" algorithm because I don't know what
> Request URL is supposed to be. For example, is it expected to be an
> absolute URL always, or can it be relative? What does it mean for the
> origin not to have a scheme? Why would you ignore the scheme if it's not
> followed by "://" ? How can it not have a port? Are non-host-based-
> authority schemes allowed?
> Step 9 doesn't specify the order.

I tried to fix these as well. See:


Anne van Kesteren
Received on Thursday, 10 May 2007 11:27:52 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:50:07 UTC