
RE: email threads wrt comments on Cross-Origin Resource Sharing (CORS)

From: =JeffH <Jeff.Hodges@KingsMountain.com>
Date: Wed, 19 Dec 2012 16:12:36 -0800
Message-ID: <50D257F4.7070402@KingsMountain.com>
To: W3C Web App Security WG <public-webappsec@w3.org>, "Hill, Brad" <bhill@paypal-inc.com>

Thanks for the heads-up on this Brad, and for your editing pass on the spec.

 >   As part of the change set detailed in the recent Call for Consensus at:
 >
 > http://lists.w3.org/Archives/Public/public-webappsec/2012Nov/0072.html
 >
 > I believe I resolved many or all of the concerns indicated in the
 > summary email below.
 >
 > One change that was rejected was inclusion of a diagram in the
 > specification, on discussion on the list that a diagram would be
 > appropriate in a learning resource like the Web Platform Docs but
 > that producing a correct and mutually agreeable one need not hold
 > up CORS's finalization.
 >
 > You did not object during the call for consensus, but as part of assuring
 > that all comments have been resolved and demonstrating CORS's readiness
 > for Candidate Recommendation, can you please reply to the list either
 > acknowledging that the edits noted at the above link satisfy the issues
 > described in your below email, or which, if any, you consider to
 > still be outstanding?

I reviewed <http://www.w3.org/2011/webappsec/cors-draft/> as well as on-list 
discussion and note that many but not all of the items I raised were explicitly 
addressed or discussed.

However, I do not object to the CORS spec advancing to Candidate Recommendation 
because the edits noted at the above link address the most substantive items.

HTH

=JeffH


 >> -----Original Message-----
 >> From: =JeffH [mailto:Jeff.Hodges@KingsMountain.com]
 >> Sent: Tuesday, June 19, 2012 4:35 PM
 >> To: W3C Web App Security WG
 >> Subject: email threads wrt comments on Cross-Origin Resource Sharing
 >> (CORS)
 >>
 >> Per EKR's request on the call today, here's pointers to the extant
 >> messages/threads concerning BHill's and my comments on Cross-Origin
 >> Resource Sharing (CORS) (BHill's origination of the security considerations
 >> section is down at the end under "ancient history")
 >>
 >> HTH,
 >>
 >> =JeffH
 >> ------
 >>
 >> comments on Cross-Origin Resource Sharing (CORS) of 3-Apr-2012    (JeffH)
 >> http://lists.w3.org/Archives/Public/public-webappsec/2012May/0006.html
 >>
 >> [cors] hey hey   (annevk)
 >> http://lists.w3.org/Archives/Public/public-webappsec/2012May/0068.html
 >>
 >> RE: [cors] hey hey    (hill, brad)
 >> (proposed incorporation of JeffH's comments)
 >> http://lists.w3.org/Archives/Public/public-webappsec/2012May/0069.html
 >>
 >>
 >> [ Re: [cors] hey hey    (annevk, JeffH -- two simple coordination messages
 >> elided) ]
 >>
 >>
 >> Re: comments on Cross-Origin Resource Sharing (CORS) of 3-Apr-2012 (was:
 >> hey hey)  (JeffH)
 >> http://lists.w3.org/Archives/Public/public-webappsec/2012Jun/0012.html
 >>
 >>
 >> Re: comments on Cross-Origin Resource Sharing (CORS) of 3-Apr-2012
 >> (annevk)
 >> http://lists.w3.org/Archives/Public/public-webappsec/2012Jun/0016.html
 >>
 >>
 >> Re: comments on Cross-Origin Resource Sharing (CORS) of 3-Apr-2012 (was:
 >> hey hey) (annevk)
 >> http://lists.w3.org/Archives/Public/public-webappsec/2012Jun/0017.html
 >>
 >>
 >> Re: comments on Cross-Origin Resource Sharing (CORS) of 3-Apr-2012 (was:
 >> hey hey) (JeffH)
 >> http://lists.w3.org/Archives/Public/public-webappsec/2012Jun/0027.html
 >>
 >>
 >>
 >>
 >> --------------------------------------------------------------------
 >> ancient history -- origination of the CORS security considerations section:
 >>
 >>
 >> Security Considerations for CORS with credentials
 >> http://lists.w3.org/Archives/Public/public-webappsec/2011Dec/0036.html
 >>
 >> RE: Security Considerations for CORS with credentials
 >> http://lists.w3.org/Archives/Public/public-webappsec/2012Jan/0006.html
 >>
 >>
 >> Updated proposal for CORS security considerations
 >> http://lists.w3.org/Archives/Public/public-webappsec/2012Feb/0021.html
 >> [+ 4 other messages in thread ]
 >>
 >> --------------------------------------------------------------------
 >
 >
 >
Received on Thursday, 20 December 2012 00:13:01 GMT
