W3C home > Mailing lists > Public > public-appformats@w3.org > June 2008

Re: [AC] Helping server admins not making mistakes

From: Jon Ferraiolo <jferrai@us.ibm.com>
Date: Fri, 13 Jun 2008 15:56:21 -0700
To: Ian Hickson <ian@hixie.ch>
Cc: "WAF WG (public)" <public-appformats@w3.org>
Message-ID: <OF5F84C7E8.4497EDD2-ON88257467.007CF656-88257467.007E023F@us.ibm.com>

I took a look back to see what AC looked like back in Feb. 2007:

* http://www.w3.org/TR/2007/WD-access-control-20070215/

and the spec was very short and says "The policy described is only safe for
HEAD and GET requests. " Things have changed quite a bit since then.

It probably does makes sense to split off AC for XHR from AC for XBL and
VXML.

Jon




                                                                           
             Ian Hickson                                                   
             <ian@hixie.ch>                                                
             Sent by:                                                   To 
             public-webapps-re         Thomas Roessler <tlr@w3.org>        
             quest@w3.org                                               cc 
                                       Jonas Sicking <jonas@sicking.cc>,   
                                       "WAF WG (public)"                   
             06/13/08 01:56 PM         <public-appformats@w3.org>,         
                                       public-webapps@w3.org               
                                                                   Subject 
                                       Re: [AC] Helping server admins not  
                                       making mistakes                     
                                                                           
                                                                           
                                                                           
                                                                           
                                                                           
                                                                           





On Fri, 13 Jun 2008, Thomas Roessler wrote:
>
> The second requirement above rules out the processing instruction.
> Let's get rid of it.

Do we really think authors of XBL2 and VoiceXML are going to be able to
set headers on their sites? That seems like a much higher barrier to entry
than we should have.

Maybe we should separate Access-Control for XHR from Access-Control for
XBL and VXML?

--
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'






graycol.gif
(image/gif attachment: graycol.gif)

pic11037.gif
(image/gif attachment: pic11037.gif)

ecblank.gif
(image/gif attachment: ecblank.gif)

Received on Friday, 13 June 2008 22:59:26 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 13 June 2008 22:59:28 GMT