W3C home > Mailing lists > Public > public-ietf-w3c@w3.org > March 2009

Re: W3C/IETF HTML 5 get-together ~25 March

From: Mark Nottingham <mnot@mnot.net>
Date: Fri, 27 Mar 2009 09:21:12 -0700
Cc: Sam Ruby <rubys@intertwingly.net>, Dan Connolly <connolly@w3.org>, public-ietf-w3c <public-ietf-w3c@w3.org>
Message-Id: <7F2CB796-F3B7-46A5-954C-5422B11C9324@mnot.net>
To: Thomas Roessler <tlr@w3.org>
My recollection is that for Origin, the next step is for me to forward  
links to the previous discussion on the HTTP list to folks from HTML5,  
because although Adam participated in that discussion, apparently a  
number of folks were surprised to hear of the conclusion that was  

Regarding CORS, I think the next step is for me to pass on a reference  
and solicit review in various parts of the IETF. There's also a  
question of whether a next-generation CORS is interesting/necessary  
(given that, AIUI, any substantial feedback is likely not to make it  
in, given how advanced the implementations apparently are).

On 27/03/2009, at 9:08 AM, Thomas Roessler wrote:

>>>> From the notes, I can't quite tell whether Origin and CORS got  
>>>> discussed together or separately.  That doesn't really match  
>>>> reality, as there's (at least in the view of some)
>>> "Discussing them separately ignores an important motivation for  
>>> Origin" is what I mean -- sorry for the unclear words.
>> They were discussed separately.  As you point out, that may have  
>> been unfortunate.  I was unaware of the connection between the two.
> That's what I feared.  Mark, any ideas on how to manage next steps  
> in that discussion?  (I'd hope we can avoid the "cross site request  
> forgery is not a security hole" rathole this time...)

Mark Nottingham     http://www.mnot.net/
Received on Friday, 27 March 2009 16:21:52 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 19:56:33 UTC