W3C home > Mailing lists > Public > public-appformats@w3.org > January 2008

Re: Comments on: Access Control for Cross-site Requests

From: Anne van Kesteren <annevk@opera.com>
Date: Wed, 02 Jan 2008 20:55:01 +0100
To: "Close, Tyler J." <tyler.close@hp.com>, "Ian Hickson" <ian@hixie.ch>
Cc: "public-appformats@w3.org" <public-appformats@w3.org>
Message-ID: <op.t4bixzkb64w2qv@annevk-t60.oslo.opera.com>

On Wed, 02 Jan 2008 19:45:02 +0100, Close, Tyler J. <tyler.close@hp.com>  
wrote:
> Who said anything about trusting web content authors? Like I said, a  
> mechanism like the one this WG has designed may well be deployed  
> server-side. We just don't have to rely on the browser to understand the  
> mechanism and enforce it. This same program logic can reside server-side.

It's the authors that need to deploy this on their server. The concept is  
based around that. To keep it safe per resource seems a whole lot better  
than per "server". It seems to me that we (fundamentally, maybe) disagree  
how this should work. I'll make sure your objection to the approach  
outlined in the specification and the proposed alternative are given  
consideration during the CR transition call; when we get there.


-- 
Anne van Kesteren
<http://annevankesteren.nl/>
<http://www.opera.com/>
Received on Wednesday, 2 January 2008 19:52:47 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 8 January 2008 14:10:24 GMT