W3C home > Mailing lists > Public > public-appformats@w3.org > January 2008

Re: ISSUE 19: Requirements and Usage Scenarios document

From: Jon Ferraiolo <jferrai@us.ibm.com>
Date: Tue, 8 Jan 2008 18:36:57 -0800
To: "David Orchard" <dorchard@bea.com>
Cc: "WAF WG (public)" <public-appformats@w3.org>, public-appformats-request@w3.org
Message-ID: <OF572A8A1D.C09F8F87-ON882573CB.000E2A5D-882573CB.000E5EE0@us.ibm.com>

How does the WAF WG want to receive feedback on the use cases and
requirements document? Via adhoc emails on this list?

One thing that strikes me immediately is that there are requirements about
XSS (cross-site scripting) but no mention of CSRF, which is one of the
concern areas from the folks at OpenAjax Alliance, primarliy due to the
current specification saying that cookies will be sent.

Jon




                                                                           
             "David Orchard"                                               
             <dorchard@bea.com                                             
             >                                                          To 
             Sent by:                  "WAF WG (public)"                   
             public-appformats         <public-appformats@w3.org>          
             -request@w3.org                                            cc 
                                                                           
                                                                   Subject 
             01/08/2008 04:04          ISSUE 19: Requirements and Usage    
             PM                        Scenarios document                  
                                                                           
                                                                           
                                                                           
                                                                           
                                                                           
                                                                           




Art suggested that I could do a bit of spec grunt work on requirements
document so I put some pen to paper.  I've made a stab at creating a
requirements/usage scenarios document based upon Ian's requirements.  I've
checked it into the waf access-control cvs dir, but I don't think I have
permissions to make the files world readable.  Hence, I've sent to
www-archive at
http://lists.w3.org/Archives/Public/www-archive/2008Jan/0010.html
The HTML is at
http://lists.w3.org/Archives/Public/www-archive/2008Jan/att-0010/AccessControl-Requirements-20070108.html

I hope this helps the working group and I'm glad to continue or not
continue work on the document as the WG sees fit.

Cheers,
Dave





graycol.gif
(image/gif attachment: graycol.gif)

pic01641.gif
(image/gif attachment: pic01641.gif)

ecblank.gif
(image/gif attachment: ecblank.gif)

Received on Wednesday, 9 January 2008 02:42:10 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:50:08 UTC