W3C home > Mailing lists > Public > public-webapps@w3.org > April to June 2008

Re: ISSUE-10 (client-server): Client and Server model [Access Control]

From: Adam Barth <w3c@adambarth.com>
Date: Mon, 23 Jun 2008 14:47:37 -0700
Message-ID: <7789133a0806231447o740da889icc7d0d9d2ab826cd@mail.gmail.com>
To: "Jonas Sicking" <jonas@sicking.cc>
Cc: "Web Applications Working Group WG" <public-webapps@w3.org>

On Mon, Jun 23, 2008 at 2:35 PM, Jonas Sicking <jonas@sicking.cc> wrote:
> What I have seen suggestions for though is a simpler policy language that
> doesn't send a full white-list to the client, but rather just a yes/no
> decision to the client.

If we go this route, we should be careful about caching of HTTP
responses, especially for GET requests.  We don't want clients to use
cached "yes" responses without consulting the server.

Adam
Received on Monday, 23 June 2008 21:48:13 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:26 GMT