W3C home > Mailing lists > Public > public-web-security@w3.org > November 2012

Re: Call for Consensus: CORS to Candidate Recommendation

From: Arthur Barstow <art.barstow@nokia.com>
Date: Fri, 16 Nov 2012 08:17:44 -0500
Message-ID: <50A63CF8.1090301@nokia.com>
To: "ext Hill, Brad" <bhill@paypal-inc.com>
CC: "public-webappsec@w3.org" <public-webappsec@w3.org>, "WebApps WG (public-webapps@w3.org)" <public-webapps@w3.org>, "Anne van Kesteren (annevk@annevk.nl)" <annevk@annevk.nl>, "public-web-security@w3.org" <public-web-security@w3.org>, "websec@ietf.org" <websec@ietf.org>
On 11/15/12 5:31 PM, ext Hill, Brad wrote:
>
> I have placed a draft for review at:
>
> http://www.w3.org/2011/webappsec/cors-draft/
>
> And this is a Call for Consensus among the WebAppSec and WebApps WGs 
> to take this particular text (with necessary additions to the Status 
> of this Document section if approved) forward to Candidate Recommendation.
>

I support this CfC although I am wondering about the CR exit criteria.

Do you expect to re-use the CSP1.0 criteria:

[[
The entrance criteria for this document to enter the Proposed 
Recommendation stage is to have a minimum of two independent and 
interoperable user agents that implementation all the features of this 
specification, which will be determined by passing the user agent tests 
defined in the test suite developed by the Working Group.
]]

My preference is what WebApps has used in other CRs because I think it 
is clearer that a single implementation is not required to pass every 
test but that at least two implementations must pass every test. F.ex.:

    <http://www.w3.org/TR/2012/CR-websockets-20120920/#crec>

-Thanks, AB
Received on Friday, 16 November 2012 13:18:36 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 16 November 2012 13:18:36 GMT