W3C home > Mailing lists > Public > public-appformats@w3.org > October 2007

Re: [access-control] non-GET threat model and authorization choreography

From: Mark Nottingham <mnot@yahoo-inc.com>
Date: Fri, 12 Oct 2007 21:49:43 +1000
Message-Id: <D7FC0669-B45F-4DDC-AA97-003764BDC5F1@yahoo-inc.com>
Cc: "WAF WG (public)" <public-appformats@w3.org>
To: Anne van Kesteren <annevk@opera.com>

Use a well-known location, like robots.txt, site maps, P3P and pretty  
much every other site-wide metadata mechanism does things.

Yes, it's ugly, yes it reserves part of URI space, and yes, it's not  
terribly friendly to micro-sites. However, it is well-understood on  
all sides, is widely deployed, scales well for complex interactions  
with multiple resources, and is less likely to have surprises pop up.

If the TAG or somebody else comes up with something genuinely better,  
great, but people have been working on it for a long time without  
much luck.


On 2007/10/12, at 7:43 PM, Anne van Kesteren wrote:

> On Fri, 12 Oct 2007 06:16:16 +0200, Mark Nottingham <mnot@yahoo- 
> inc.com> wrote:
>> You're forgetting...
>> 5. Use a different URI.
> How would that work?
> -- 
> Anne van Kesteren
> <http://annevankesteren.nl/>
> <http://www.opera.com/>

Mark Nottingham       mnot@yahoo-inc.com
Received on Friday, 12 October 2007 11:52:18 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:50:07 UTC