- From: David Orchard <dorchard@bea.com>
- Date: Fri, 11 Jan 2008 09:03:31 -0800
- To: "Ian Hickson" <ian@hixie.ch>, <public-appformats@w3.org>
<snip/>

> -----Original Message-----
> From: public-appformats-request@w3.org
> [mailto:public-appformats-request@w3.org] On Behalf Of Ian Hickson
> Sent: Friday, January 11, 2008 3:30 AM
> To: public-appformats@w3.org
> Subject: Re: [waf] minutes from 9 January 2008 Voice Conf (fwd)
>
> On a broader note, it is unclear to me why we are still discussing
> requirements. We have a perfectly fine specification, we should go ahead
> and publish it and move on. We already have two specifications that are
> dependent on the current design (XBL2 and XMLHttpRequest2).
>
> I don't even understand the problems that have been raised. As far as I
> can tell nobody has raised any real problems with the current design; the
> OPTIONS suggestion seems to be based purely on theoretical concerns of
> spec purity, and the concerns of the client having the last say appear to
> miss the point of the technology (which is entirely about preventing
> information leakage and protecting against new attack vectors on the
> client while enabling features that clients have previously blocked).
>
> Why have we not gone to LC and CR already? Can we please stop running
> around in circles and move forwards?
>
> I suggest that those who wish a radically different model to the one in
> the current proposal instead write an alternative specification and move
> that specification forwards through the REC track, and let the market
> decide which technology is better.
>

I believe the WAF working group is operating as part of an open process and people have comments on requirements that have never been vetted outside the working group. Putting one's hands over one's ears when numerous people outside the working group express very similar concerns and comments doesn't help move an open working group forward. You say "why are we discussing requirements?", yet each and every requirement you proposed had some significant comments on it during the last telcon.

It's clear that there are many people inside and outside the working group who want to have a clearly documented set of requirements and usage scenarios and the current requirements don't satisfy that.

I further don't think the tone of some of the messages, like much of this one, really helps the working group progress. The best way forward to consensus is to have a reasoned technical discussion of the issues without trying to shut down conversation or people. For example, you characterize the OPTIONS suggestion as purely theoretical concerns of spec purity, which is typically a pejorative criticism. However, my concern, as raised, is completely the opposite of "theoretical". My concern is about the potential abuse of the fundamental operation in the most widely distributed computing system ever, the web. Now I'm pretty sure that it is your opinion that the OPTIONS or HEAD suggestions are not viable because of technical reasons, such as that they introduce new attack vectors, and that is a fine technical point.

Just saying, to paraphrase, "there's no problem(s) with the spec" and "why are we talking about this" just does not help any working group move forward. In this case, such a common concern (that spawned how many messages?) ought not to be dismissed as quickly as one parenthetical statement. Our discussions ought to be based on reasoned technical arguments and the arguments need to be clear, compelling and easily available for others.

Cheers,
Dave

Received on Friday, 11 January 2008 17:03:54 UTC