W3C home > Mailing lists > Public > public-webapps@w3.org > October to December 2009

CORS: email from Henry Thompson re "CORS still not getting to closure"

From: Arthur Barstow <Art.Barstow@nokia.com>
Date: Fri, 23 Oct 2009 09:13:12 -0400
Message-Id: <91B1B4A5-43CE-4370-9A35-3920EBDC4EE3@nokia.com>
Cc: Henry Thompson <ht@inf.ed.ac.uk>
To: public-webapps <public-webapps@w3.org>, Anne van Kesteren <annevk@opera.com>, "Mark S. Miller" <erights@google.com>
Below is an email from Henry Thompson re CORS that I am forwarding  
with HT's permission.

-Regards, Art Barstow

Begin forwarded message:

> From: "ext Henry S. Thompson" <ht@inf.ed.ac.uk>
> Date: October 22, 2009 2:18:55 PM EDT
> To: "Barstow Art (Nokia-CIC/Boston)" <Art.Barstow@nokia.com>
> Subject: CORS still not getting to closure
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> I have just replied [1] to a message from Anne agreeing that, with
> respect to one of the threads that arose from your original forwarding
> of the TAG concerns about CORS [2], namely the importance of server-
> vs. client-side implementation, an issue can be closed.
>
> However, [2] raised _two_ concerns, and the second
>
>   there is a real possibility either that the new functionality
>   provided would, on the one hand, be insufficiently secure while, on
>   the other, discouraging the provision of something more
>   satisfactory.
>
> The most recent thread in the archives dealing with this was started
> by Mark Miller [3].  It does not seem to me that his concern, which
> is stated quite clearly:
>
>   The core criticism that several of us have raised about CORS has
>   never been addressed -- that it creates further confused deputy
>   problems.
>
> is reflected as an official issue in your issues list, or that it has
> in fact been resolved (i.e. that the WG has reached consensus on how
> to respond to it).  I'm asking you as Chair to please ensure that this
> gets into your process formally before you get to Last Call.
>
> Thanks,
>
> ht
>
> [1] http://lists.w3.org/Archives/Public/public-webapps/2009OctDec/ 
> 0304.html
> [2] http://lists.w3.org/Archives/Public/public-webapps/2009AprJun/ 
> 1215.html
> [3] http://lists.w3.org/Archives/Public/public-webapps/2009OctDec/ 
> 0102.html
> - --
>        Henry S. Thompson, School of Informatics, University of  
> Edinburgh
>                          Half-time member of W3C Team
>       10 Crichton Street, Edinburgh EH8 9AB, SCOTLAND -- (44) 131  
> 650-4440
>                 Fax: (44) 131 651-1426, e-mail: ht@inf.ed.ac.uk
>                        URL: http://www.ltg.ed.ac.uk/~ht/
> [mail really from me _always_ has this .sig -- mail without it is  
> forged spam]
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.6 (GNU/Linux)
>
> iD8DBQFK4KIPkjnJixAXWBoRAmvGAJ0ZE58mX7ICKMQTZh0QZYePf5MhNwCfWiJd
> kyfdoIKF73HkTxyBhUn2Tws=
> =B4YF
> -----END PGP SIGNATURE-----
Received on Friday, 23 October 2009 13:14:19 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:34 GMT