Re: ISSUE-10 (client-server): Client and Server model [Access Control]

From: Jonas Sicking <jonas@sicking.cc> Date: Mon, 23 Jun 2008 14:35:24 -0700 Message-ID: <4860171C.3040609@sicking.cc> To: Web Applications Working Group WG <public-webapps@w3.org> · This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 7 December 2009 10:42:58 GMT

I don't think we have seen any alternative proposals for putting the 
policy *enforcement* on the server. It also seems very hard to me to 
rely on the server enforcing the policy, while still protecting legacy 
servers, since they currently do not perform any such enforcement.

What I have seen suggestions for though is a simpler policy language 
that doesn't send a full white-list to the client, but rather just a 
yes/no decision to the client.

/ Jonas