W3C home > Mailing lists > Public > public-webapps@w3.org > April to June 2008

Re: ISSUE-10 (client-server): Client and Server model [Access Control]

From: Jonas Sicking <jonas@sicking.cc>
Date: Mon, 23 Jun 2008 14:35:24 -0700
Message-ID: <4860171C.3040609@sicking.cc>
To: Web Applications Working Group WG <public-webapps@w3.org>

I don't think we have seen any alternative proposals for putting the 
policy *enforcement* on the server. It also seems very hard to me to 
rely on the server enforcing the policy, while still protecting legacy 
servers, since they currently do not perform any such enforcement.

What I have seen suggestions for though is a simpler policy language 
that doesn't send a full white-list to the client, but rather just a 
yes/no decision to the client.

/ Jonas
Received on Monday, 23 June 2008 21:35:41 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:26 GMT