
[access-control] Seeking Clarification and Status of Issues #25, #26, #29, #30, #31 and #32

From: Arthur Barstow <art.barstow@nokia.com>
Date: Thu, 9 Oct 2008 13:59:27 -0400
Message-Id: <F6C021CD-C554-4E89-91C1-E69A2E26EC57@nokia.com>
To: public-webapps <public-webapps@w3.org>

The following issues were created during the July 1-2 f2f meeting  
(minutes at [1], [2], respectively).

Would someone that attended that meeting please elaborate these issues?

In particular, has the Issue been addressed and thus can be proposed  
to be Closed?

-Regards, Art Barstow

[1] <http://www.w3.org/2008/07/01-wam-minutes.html>
[2] <http://www.w3.org/2008/07/02-wam-minutes.html>

* ISSUE-25 - Revocation of cached access grants

* ISSUE-26 Wildcarding is currently possible together with cookies  
which could result in exploitable servers.

* ISSUE-29 Should Access-control allow DNS binding defense?

* ISSUE-30 Should spec have wording to recognise that User Agents may  
implement further security beyond the spec?

* ISSUE-31 Allow POST without a preflight with headers in a whitelist

* ISSUE-32 Each redirect step needs to opt in to AC in order to avoid  
data leaking
Received on Thursday, 9 October 2008 18:00:21 UTC
