W3C home > Mailing lists > Public > public-webappsec@w3.org > October 2011

Re: Joint meeting of the CSS/WebApps/WebFonts WGs

From: Arthur Barstow <art.barstow@nokia.com>
Date: Thu, 06 Oct 2011 12:14:07 -0400
Message-ID: <4E8DD3CF.7020709@nokia.com>
To: "ext Levantovsky, Vladimir" <Vladimir.Levantovsky@MonotypeImaging.com>
CC: "Linss, Peter" <peter.linss@hp.com>, Daniel Glazman <daniel.glazman@disruptive-innovations.com>, "chaals@opera.com" <chaals@opera.com>, "schepers@w3.org" <schepers@w3.org>, Chris Lilley <chris@w3.org>, "www-style@w3.org" <www-style@w3.org>, "public-webapps@w3.org" <public-webapps@w3.org>, "public-webfonts-wg@w3.org" <public-webfonts-wg@w3.org>, public-webappsec@w3.org, Brad Hill <bhill@paypal-inc.com>, Eric Rescorla <ekr@rtfm.com>
[ + WebAppSec WG ]

I included the WebAppSec WG since CORS is now a joint deliverable of 
WebApps and WebAppSec. (CORS is generically named "Secure Cross-Domain 
Resource Sharing" in their charter [1].)

If we are going to have a joint meeting, I have a strong preference for 
October 31. WebApps currently has some open time slots that day:

http://www.w3.org/2008/webapps/wiki/TPAC2011#Agenda_Monday.2C_October_31

I just allocated the 11:00-12:00 slot for this topic and if that doesn't 
work for others, please propose (as soon as possible) an alternate time 
that day.

In the meantime, if there are any related technical issues, please use 
public-webapps (I don't think there is need for a bunch of cross-posting).

-Art Barstow

[1] http://www.w3.org/2011/08/appsecwg-charter.html#deliverables


On 10/5/11 3:36 PM, ext Levantovsky, Vladimir wrote:
>
> Dear WG Chairs, W3C Staff contacts and WG members,
>
> The WebFonts WG has recently published WOFF specification as W3C 
> Candidate Recommendation. The specification flags two features as “at 
> risk”, both of them related to font loading behavior with default 
> same-origin restriction and CORS as a mechanism to relax it when 
> needed. The WebFonts WG believes that these features are best to be 
> specified as part of the CSS3 Fonts module that defines font loading 
> behavior. The most recent version of CSS3 Fonts WD contains section 
> 4.8 that provides for default same-origin restriction and CORS, but 
> they are also marked as “at risk” pending the resolution on the recent 
> proposal to specify “From-Origin” HTTP header as an alternative 
> mechanism to control the resource loading on the Web.
>
> I would like to respectfully ask the chairs and the members of the CSS 
> and WebApps working groups to allocate a time during the W3C TPAC week 
> for a joint meeting with WebFonts WG to discuss the mechanisms for 
> access control (CORS) and resource loading (From-Origin) to be able to 
> determine the way forward and resolve the features at risk that are 
> now parts of the CSS3 Fonts and WOFF specifications.
>
> Thank you.
>
> On behalf of the WebFonts WG,
>
> Vladimir Levantovsky, WebFonts WG chair
>
Received on Thursday, 6 October 2011 16:15:40 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 6 October 2011 16:15:41 GMT