
Re: CORS suggestions [Was: Re: UMP / CORS: Implementor Interest]

From: Dirk Pranke <dpranke@chromium.org>
Date: Thu, 13 May 2010 10:59:43 -0700
Message-ID: <z2x3726d1bf1005131059l754c1bc2v22b5c3ce077e7fd5@mail.gmail.com>
To: Arthur Barstow <Art.Barstow@nokia.com>
Cc: ext Jonas Sicking <jonas@sicking.cc>, public-webapps <public-webapps@w3.org>, Anne van Kesteren <annevk@opera.com>, Tyler Close <tyler.close@gmail.com>

On Thu, May 13, 2010 at 6:39 AM, Arthur Barstow <Art.Barstow@nokia.com> wrote:
> On May 12, 2010, at 2:42 PM, ext Jonas Sicking wrote:
>
>> If so, I'd really like to see the chairs move forward with making the
>> WG make some sort of formal decision on whether CORS should be
>> published or not. Repeating the same discussion over and over is not
>> good use of your time or mine.
>
> There is sufficient interest in CORS such that we should continue to work on
> it. As such, I don't think any type of "formal decision" re publication is
> needed.
>
> Although this and other recent and related threads have indeed re-hashed
> some previous discussions, among some of the suggestions made are:
>
> * CORS' security considerations section needs improvements
>
>  http://lists.w3.org/Archives/Public/public-webapps/2010AprJun/0625.html
>  http://lists.w3.org/Archives/Public/public-webapps/2010AprJun/0630.html
>
> * Need security analysis e.g. with multi-party deployments; "test the
> security properties of CORS" (e.g. versus UMP)
>
>  http://lists.w3.org/Archives/Public/public-webapps/2010AprJun/0645.html
>
> * Need usage information for the app developer and server admin; when is CORS
> safe to use; which is easier to use; guidelines for not "falling prey to
> attacks with CORS"
>
>  http://lists.w3.org/Archives/Public/public-webapps/2010AprJun/0543.html
>  http://lists.w3.org/Archives/Public/public-webapps/2010AprJun/0646.html
>  http://lists.w3.org/Archives/Public/public-webapps/2010AprJun/0648.html
>
> * CORS needs text about Confused Deputy
>
>  http://lists.w3.org/Archives/Public/public-webapps/2010AprJun/0612.html
>  http://lists.w3.org/Archives/Public/public-webapps/2010AprJun/0648.html
>
> Is anyone willing to contribute to the above?
>

I will happily contribute to this and to whatever work is necessary to
merge UMP and CORS into a single spec (plus additional non-normative
documents), if that's helpful.

-- Dirk
Received on Thursday, 13 May 2010 18:01:05 GMT
