- From: Thomas Roessler <tlr@w3.org>
- Date: Wed, 30 Jan 2008 22:40:13 +0100
- To: public-appformats@w3.org
Here's a suggestion: The solution should not introduce additional attack vectors against services that are protected only by way of firewalls. This requirement ddresses "intranet" style services authorize any requests that can be sent to the service. Note that this requirement does not preclude HEAD, OPTIONS, or GET requests (even with ambient authentication and session information). I would suggest to refrain from any further discussion of what is or is not possible. -- Thomas Roessler, W3C <tlr@w3.org>
Received on Wednesday, 30 January 2008 21:40:26 UTC