W3C home > Mailing lists > Public > public-webapps@w3.org > April to June 2010

Re: UMP / CORS: Implementor Interest

From: Jonas Sicking <jonas@sicking.cc>
Date: Wed, 12 May 2010 13:13:15 -0700
Message-ID: <AANLkTin1Sb3SacOH-ZMmxEznKFWX3BCQwKHy9N3WeaHb@mail.gmail.com>
To: Devdatta <dev.akhawe@gmail.com>
Cc: Tyler Close <tyler.close@gmail.com>, Ian Hickson <ian@hixie.ch>, Arthur Barstow <Art.Barstow@nokia.com>, Anne van Kesteren <annevk@opera.com>, public-webapps <public-webapps@w3.org>, Adam Barth <w3c@adambarth.com>
On Wed, May 12, 2010 at 12:38 PM, Devdatta <dev.akhawe@gmail.com> wrote:
> While most of the discussion in this thread is just repeats of
> previous discussions, I think Tyler makes a good (and new) point in
> that the current CORS draft still has no mention of the possible
> security problems that Tyler talks about. The current draft's security
> section
>
> http://dev.w3.org/2006/waf/access-control/#security
>
> is ridiculous considering the amount of discussion that has taken
> place on this issue on this mailing list.
>
> Before going to rec, I believe Anne needs to substantially improve
> this section - based on stuff from maybe Maciej's presentation - which
> I found really informative. He could also cite UMP as a possible
> option for those worried about security.

I agree that the security section in CORS needs to be improved.

As for the "should CORS exist" discussion, I'll bow out of those until
we're starting to move towards officially adopting a WG decision one
way or another, or genuinely new information is provided which would
affect such a decision (for the record, I don't think I've seen any
new information provided since last fall's TPAC).

/ Jonas
Received on Wednesday, 12 May 2010 20:14:07 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:38 GMT