Re: ISSUE-16 (ArtB): AC: Add some rationale to the Introduction [Access Control] from Anne van Kesteren on 2007-09-20 (public-appformats@w3.org from September 2007)

From: Anne van Kesteren <annevk@opera.com>
Date: Thu, 20 Sep 2007 15:40:08 +0200
To: "WAF WG (public)" <public-appformats@w3.org>
Message-ID: <op.tyyf86b664w2qv@annevk-t60.oslo.opera.com>

On Tue, 04 Sep 2007 15:39:24 +0200, Web Application Formats Working Group  
Issue Tracker <sysbot+tracker@w3.org> wrote:
> ISSUE-16 (ArtB): AC: Add some rationale to the Introduction [Access  
> Control]
>
> http://www.w3.org/2005/06/tracker/waf/issues/
>
> Raised by: Arthur Barstow
> On product: Access Control
>
> Raised by: TAG (via Stuart Williams)
> See:  
> http://lists.w3.org/Archives/Public/public-appformats/2007Aug/0025.html

I've added some rationale to the introduction. But I haven't yet indicated  
how an implementation could potentially become less secure. I suppose we  
could point out that naive implementations (and specifications defining  
how to interact with this spec) will do all kinds of information leakage  
such as port scanning because progress events are dispatched etc. and that  
people should be cautious with that. Hmm.

-- 
Anne van Kesteren
<http://annevankesteren.nl/>
<http://www.opera.com/>

Received on Thursday, 20 September 2007 13:40:19 UTC