Re: CORS suggestions [Was: Re: UMP / CORS: Implementor Interest]

On Thu, May 13, 2010 at 6:39 AM, Arthur Barstow <Art.Barstow@nokia.com> wrote:
> On May 12, 2010, at 2:42 PM, ext Jonas Sicking wrote:
>
>> If so, I'd really like to see the chairs move forward with making the
>> WG make some sort of formal decision on whether CORS should be
>> published or not. Repeating the same discussion over and over is not
>> a good use of your time or mine.
>
> There is sufficient interest in CORS such that we should continue to work on
> it. As such, I don't think any type of "formal decision" re publication is
> needed.
>
> Although this and other recent and related threads have indeed re-hashed
> some previous discussions, among some of the suggestions made are:
>
> * CORS' security considerations section needs improvements
>
>  http://lists.w3.org/Archives/Public/public-webapps/2010AprJun/0625.html
>  http://lists.w3.org/Archives/Public/public-webapps/2010AprJun/0630.html
>
> * Need security analysis e.g. with multi-party deployments; "test the
> security properties of CORS" (e.g. versus UMP)
>
>  http://lists.w3.org/Archives/Public/public-webapps/2010AprJun/0645.html
>
> * Need usage information for the app developer and server admin; when is CORS
> safe to use; which is easier to use; guidelines for not "falling prey to
> attacks with CORS"
>
>  http://lists.w3.org/Archives/Public/public-webapps/2010AprJun/0543.html
>  http://lists.w3.org/Archives/Public/public-webapps/2010AprJun/0646.html
>  http://lists.w3.org/Archives/Public/public-webapps/2010AprJun/0648.html
>
> * CORS needs text about Confused Deputy
>
>  http://lists.w3.org/Archives/Public/public-webapps/2010AprJun/0612.html
>  http://lists.w3.org/Archives/Public/public-webapps/2010AprJun/0648.html
>
> Is anyone willing to contribute to the above?
>

I will happily contribute to this and to whatever work is necessary to
merge UMP and CORS into a single spec (plus additional non-normative
documents), if that's helpful.

-- Dirk

Received on Thursday, 13 May 2010 18:01:05 UTC