- From: Ian B. Jacobs <ij@w3.org>
- Date: 16 Sep 2003 16:06:21 -0400
- To: www-tag@w3.org, noah_mendelsohn@us.ibm.com

Hello,

Per my action at the TAG's 15 Sep teleconf [1], I am pleased to make available the 16 Sep draft finding [2] "URIs, Addressability, and the use of HTTP GET and POST". This draft incorporates comments from Noah Mendelsohn [3] pertaining to section 4 "Considerations for sensitive data". The changes involve:

- Broadening of scope from language such as "Use SSL" to language such as "Use a secure protocol such as SSL".
- Per NM's suggestion, added text about using POST when inappropriate to use secure protocol, and included his examples.
- Per NM's suggestion, added example of operations that are unsafe because they cause the user to incur security-related obligations.
- Addition of a reference for SSL3

I welcome review of all of (the short) section 4, of course.

I am not entirely satisfied with the example that talks about an audited resource. I think more needs to be said about what "audited" means. Noah mentions GET as being appropriate for anonymous transactions. However, are there other interactions that involve tracking but not "auditing"? I guess I am looking for a clearer statement from Noah about what he means by "auditing".

Per the TAG's 15 Sep teleconf, the TAG's expectations are that, unless there are strong objections to this new language, the finding will be accepted in the near future.

Thank you all for your very helpful reviews!

_ Ian

[1] http://www.w3.org/2003/09/15-tag-summary.html#whenToUseGet-7
[2] http://www.w3.org/2001/tag/doc/whenToUseGet-20030916
[3] http://lists.w3.org/Archives/Public/www-tag/2003Jul/0297

--
Ian Jacobs (ij@w3.org) http://www.w3.org/People/Jacobs
Tel: +1 718 260-9447

Received on Tuesday, 16 September 2003 16:06:30 UTC